Attackers have hosted malware on drive.google.com and used its sharing capabilities to phish users into downloading it.
Command and Control
Attackers have used drive.google.com for C&C by retrieving files that contain commands to be executed. One example of malware that uses drive.google.com for C&C is SysJoker.
drive.google.com can be used to store exfiltrated files. GC2 is an open-source tool that uses drive.google.com for exfiltration.
drive.google.com creates shared links for files, which enables attackers to download additional tools.
Last Update: 2021-11-10