Saturday, 22 Jun 2024

Phishing and Malware Exploiting Google Forms

never submit passwords through google forms

Earlier this year, in our research on malware usage of Transport Layer Security (TLS) based communications, we discovered a significant amount of traffic going to Google Forms pages. Malicious actors have long been exploiting legitimate public cloud services, including Google Docs and Google Sheets, for malicious purposes such as infection chains, command and control systems, and data exfiltration. Google Forms, being protected by TLS, make it difficult to determine the contents of submitted data without using a web proxy, making the traffic appear legitimate.

Google Forms for Phishing Attacks

Google Forms have been exploited in various ways. In some cases, attackers have used Google Forms for rudimentary phishing attacks. Victims are tricked into entering their credentials into a form that resembles a login page. Despite warnings from Google Forms about not entering passwords, these forms were often associated with malicious spam campaigns.

Raising the Bar for Phishing

Sophisticated web phishing attacks often mimic the design of targeted services. However, even entry-level scammers can utilize Google Forms’ ready-made design templates to attempt to steal payment data or create phishing forms that appear believable at a glance. We’ve observed scammers targeting Microsoft online accounts, including Office 365, with emails claiming that recipients’ accounts will be shut down if not immediately verified. These emails include Google Forms links adorned with Microsoft graphics, but they are still clearly Google Forms. Although these scams can be easily distinguished as such, they continue to be used successfully by scammers to steal business and personal email accounts.

Tham Khảo Thêm:  Update Splunk.secret Without Breaking Your Production Environment

Malware and Potentially Unwanted Apps

In our research, we have uncovered several Android application packages, potentially unwanted apps, and apps associated with Android adware that utilize Google Forms to capture data without the need to code a back-end website. For instance, the app called SnapTube, which monetizes itself through web advertising fraud, includes a Google Forms page for user feedback. Additionally, we have found evidence of Windows-targeting malware utilizing Google Forms pages to exfiltrate data. These malware samples use web requests to interact with Google Forms pages programmatically, effectively collecting and sending data without any user interaction.

DIY Google Forms Exfiltration

To understand the abuse of Google Forms at a programmatic level, we conducted our own experiment. All you need is a Google account, a purpose-built form, and code to retrieve system data and submit it through an HTML POST request. By identifying the form entry identification numbers with Firefox’s developer tools, we were able to scrape Windows system information and dump it into the form using a Python script.

Ease of Misuse and Conclusion

While Google Forms abuse is commonly associated with low-skill phishing and fraud spam, the potential for data exfiltration and malware command and control remains high due to its ease of implementation. Malware actors continue to exploit trusted cloud services, including Google Forms, due to their widespread use, TLS security, and free nature. It is essential for users to remain vigilant against phishing attempts that utilize Google Forms and not inherently trust TLS traffic to domains such as

Tham Khảo Thêm:  How to Reset Dell Security Manager Password

Frequently Asked Questions

Frequently Asked Questions

  1. What is Google Forms?
    Google Forms is a web-based application that allows users to create surveys, quizzes, and questionnaires. It can be used for various purposes, including data collection and feedback gathering.

  2. Can Google Forms be used for malicious activities?
    Yes, Google Forms can be exploited by malicious actors for phishing attacks, data exfiltration, and malware command and control. Attackers can design forms that resemble legitimate websites to trick users into disclosing sensitive information.

  3. How can I protect myself from Google Forms-based attacks?
    To protect yourself, always be cautious when submitting sensitive information through online forms. Pay attention to the URL and make sure it corresponds to the legitimate website you are interacting with. Additionally, refrain from entering passwords and other confidential data into Google Forms.

  4. Is Google actively addressing abuse of Google Forms?
    Google regularly monitors and takes action against malicious activities on its platforms, including Google Forms. However, users should remain vigilant and exercise caution when interacting with online forms to ensure their personal information is not compromised.


The abuse of Google Forms by phishing and malware actors is a concerning trend in the cybersecurity landscape. While Google actively takes measures to address abuse, users must also play a crucial role in protecting themselves from potential threats. By staying informed and adopting best practices when interacting with online forms, we can mitigate the risks associated with these malicious activities.

Eireview is committed to providing up-to-date information on emerging technology trends. For more insightful articles, visit our website Eireview.

Tham Khảo Thêm:  Something Went Wrong on Our End PayPal Error [Fix]