Google Drive has become the most efficient vector for malicious downloads


Recent reports revealed how Google Drive became the service most exploited by threat actors for spreading malicious payloads. Based on data gathered by researchers, about half of all malicious Office documents spread globally were distributed by threat actors using Google Drive.

The report is based on a recent study that covers different Microsoft Office documents such as PDF, Google Docs, and Office 365. Furthermore, the report suggested that 37% of all malware downloads are compromised office documents.

A couple of years ago, Microsoft OneDrive was the primary source of malicious office documents. About 34% of all malicious documents came from that service in 2020.

However, last year, Google Drive dethroned OneDrive, recording a staggering 50% of malicious downloads in 2021. OneDrive's share of malware distribution dropped from 34% to 19%. Even so, OneDrive is still the second most used drive for malware distribution.

SharePoint came in third on the list, as 15% of all victims downloaded their malicious documents from SharePoint's drive. It was followed by Box and Gmail at 3% and 4%, respectively, while the remaining apps combined account for 9% of malicious downloads.


Google Drive and cloud services are the most common apps used by threat actors for malware propagation.


Cloud services, especially Google Drive, continue to attract sign-ups as more organisations and businesses operate within these platforms.

Cybercriminals exploit this convenient way of storing files by creating free accounts on cloud app hosting services, uploading malware-laden files, and sharing them publicly. They then wait until an unaware user accesses the malicious file, which infects the user's device with malware.

Utilising legitimate platforms from Google and Microsoft has gained popularity among both ordinary users and cybercriminals. Users who tend to download or receive documents from unknown sources or emails should be wary of the risks that this threat could pose.

Organisations and businesses should also secure their cloud-based apps with user authentication and security threat monitoring solutions.
