Download Links For Software On The Rise From Malware

This has happened to me before: hackers make fake download links for other software. This is all done on Google Docs and it's everywhere.

The way they do this is frustrating. The hacker adds his/her own malware for the link to a separate Google Drive folder, makes a Google Docs document with a link to a "website" for the "trusted software", shares it to the Web and, boom: a malicious Google Docs document with a link to the malware to get it on the victim's device, especially Windows. This has been going around for years, and it never stops.

Here is an example:

  • I typed "download on google docs". Here is what popped up:

  • I click on a sample link that says "Voice typing software download free - Google Docs". Here is the document preview:

That looks interesting. Let's try it!
  • It shows a description on the next page, but I highly doubt that the editor did not copy and paste the description from the website. I'm imagining the voice typing "software" is software that requires a microphone and you input speech to help you type. I click on the URL, and this is what I get:

Wait, wait! I need to snip this screen up before something bad happens!
  • (I had to hurry up and clip this part of the website, but I was so fast it wasn't perfect.)

  • After it loaded, this is what I get:

Is this for e-mail? Sure!
  • This is somehow weird. It has a captcha in the background, and it's asking me to allow notifications. What is this?? This is not the site I'm expecting. I clicked "Block". The same notification pop-up message appeared, but is now on the site and not the browser, and the buttons are reversed. I accidentally clicked "Allow", but thankfully, I closed the site with Ctrl + T quickly before anything bad happened.

Are you asking me again? Why?
  • I reopened the tab, clicked "Block" twice, and reloaded the page... wait, what the f***? First off, the first attempt had a 69 at the beginning of the URL. Now it's a 47. I tried again, but the site keeps reloading with a different number at the beginning of the URL.

  • Hang on... I think I see something...

Why can't I click on that?
  • See that captcha box? It's a fake! Again, what the f***? The box is actually a screenshot and not a real captcha. If it were real, then it wouldn't have the bad white border around it.

  • Wait... I see another problem...

  • I see a lock icon. Do you know what that means? It means the site is secure! I'm surprised to see this. This site looks un-secure.

  • I checked the Google Docs info and it said that it had no location, but was made on Nov 8, 2017.

  • Time to do something about this.

  • The document has no owner! I'm surprised to see this. I swear, the owner created these documents and immediately deleted his account. I clicked "Malware", because you can obviously tell it's malware. It's now reported.
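The walkthrough above leaves a recognizable trail in web proxy logs: a click out of a Google Docs page, then the same site reloading under a different number each time. The following Python sketch is an added example, not part of the original post. It assumes the "number at the beginning of the URL" is the leftmost host label, and all hostnames and log records in it are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records (time, client, referrer, url); not real traffic.
SAMPLE_LOG = [
    ("10:01:02", "pc-17", "https://docs.google.com/document/d/EXAMPLE/pub",
     "https://69.lure-example.test/land?id=1"),
    ("10:01:40", "pc-17", "", "https://47.lure-example.test/land?id=1"),
    ("10:01:55", "pc-17", "", "https://12.lure-example.test/land?id=1"),
    ("10:02:10", "pc-17", "https://docs.google.com/document/d/EXAMPLE/pub",
     "https://www.vendor-example.test/download"),
    ("10:03:00", "pc-22", "", "https://3.cdn-example.test/app.js"),
]

NUMERIC_LABEL = re.compile(r"^\d{1,4}$")

def split_rotating_host(url):
    """Return (numeric_prefix, base_host) when the leftmost DNS label is all
    digits (assumed URL shape), else None. Bare IPv4 hosts are ignored."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    if len(labels) < 3 or labels[-1].isdigit():
        return None
    if NUMERIC_LABEL.match(labels[0]):
        return labels[0], ".".join(labels[1:])
    return None

def find_rotating_redirects(records, min_prefixes=2):
    """Flag (client, base_host) pairs reached from a Google Docs referrer and
    then seen under several different numeric prefixes."""
    prefixes = defaultdict(set)
    from_docs = set()
    for _ts, client, referrer, url in records:
        hit = split_rotating_host(url)
        if hit is None:
            continue
        prefix, base = hit
        prefixes[(client, base)].add(prefix)
        if urlsplit(referrer).hostname == "docs.google.com":
            from_docs.add((client, base))
    return {key: sorted(seen, key=int) for key, seen in prefixes.items()
            if key in from_docs and len(seen) >= min_prefixes}

if __name__ == "__main__":
    for (client, base), seen in find_rotating_redirects(SAMPLE_LOG).items():
        print(f"{client}: {base} seen under numeric prefixes {seen}")
```

A hit names the client that followed the lure, which is also the machine whose browser notification permissions are worth reviewing.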

I have the right to report these spamming documents. Here are some other examples I have reported:

  • Facebook Template

  • How To Download Fonts To Google Docs

  • Script To Download Files To Google Docs

  • Google Drive For Samsung*

  • Whole Entire Google Drive Folder

  • ZIP Files For Google Drive

  • Cannot Download File**

  • Google Drive Installer

  • Folder Structure

  • Google Drive For Android*

  • "Sync.exe"***

and much more.

Some links use

There are e-books, and three links are the same. Some of the links have been blocked by Madison County School District (Alabama), and were tagged malware. Others require an account. Text says that the book is free, but usually, it ends up with a payment with PayPal. What the h***? It says free, but it's a trick!

Basically, summarize it like this:

  1. The hacker signs up for Google.

  2. He/She uses Google Docs to add a title (without capitalizing proper nouns), "link" and copy and paste the description (and ratings, if applicable).

  3. He/She adds malicious stuff to the Google Drive for the document.

  4. He/She submits it to the web.

  5. I swear, he/she deletes his/her Google account after submitting hundreds of these documents.

  6. The victim thinks it's a link to the actual "software", clicks on it and bad stuff happens.

  7. Done. End of story.

Update 1

Here is another example:

When I click on "Report abuse", things get very interesting.

How am I supposed to easily pronounce these names? It turns out that the owner of these documents presumably used a random string generator to make these fake Russian-related names, then deleted his/her account. How bad and strange is that?

Guys, for you out there, stay away from those documents. I swear, it's bad out there. 🙋🏻‍♂️


* I don't understand why people make downloads for mobile use only for Windows users. It freaks me out to see this.

** What kind of file is this?

*** What is this? The description is useless.

About StickyChannel92

StickyChannel92 is a programmer in development. He is addicted to stuff like this and lives out in Murfreesboro, TN.