Google Knowingly Distributing Malware AGAIN - 7 days (and counting)
In the past, we've written about a previous incident where we noticed malicious files that were being hosted on Google drive, and distributed via links in spam EMails (unsurprisingly sent via GMail). And now it looks like Google is at it yet again, distributing malware via this URL:
https://drive.google.com/uc?id=1bVOrRozJg9wPoALxHn2nou_XjZGUit50&export=download
And this time, the scammers seem to have found an even easier-to-exploit flaw in Google's malware scanner. In the previous incident, they resorted to using less-common compression formats, which Google's malware scanner is presumably incapable of reading - this time, however, the scammers simply used a password-protected zip file. And that seems to be all it takes to sneak malware onto Google's servers, which they will then happily & unwittingly distribute.
We've notified Google that they're hosting & distributing malware over a week ago, when the message was first received - and even did so via multiple means, including sending spam complaints against the "spamvertised" Google drive link, and through Google's own "Report malicious software" page. Yet they don't seem to be at all concerned about that, since 7 days later they still haven't done anything about it & are still knowingly distributing that malware.
