Google AppScriptって有能すぎるからなぁ。。。マルウエアを配布するプラットフォームの一部になってるという話。

Proofpoint researchers discover a new means of exploiting Google Apps Script to deliver malware via URLs.
Software-as-a-Service (SaaS) applications have become mainstays of modern business and consumer computing. However, they are also quickly becoming the latest frontier of innovation for threat actors looking for new opportunities to distribute malware, steal credentials, and more. Proofpoint researchers identified a vulnerability that allowed attackers to leverage Google Apps Script to automatically download arbitrary malware hosted in Google Drive to a victim’s computer.
Google Apps Script is a development platform based on JavaScript that allows both the creation of standalone web apps and powerful extensions to various elements of the Google Apps SaaS ecosystem. Proofpoint research has found that Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded. We also confirmed that it was possible to trigger exploits with this type of attack without user interaction, making it more urgent that organizations mitigated these threats before they reach end users, whenever possible.

New Google Apps script vulnerability extends URL-based threats to SaaS platforms | Proofpoint