Google bans JavaScript Attachments due to rising cyber security concerns

    Google has officially announced today that all JavaScript enriched attachments will be banned for Gmail users due to growing cyber security concerns. So, all users of Google Mail services who intend to attach .js files to their emails will not be allowed to do so from February 13, 2017.

    Thus, we can conclude that dot js (JavaScript) extension has now been added to the list of restricted file extensions( such as .exe, .msc, and .bat) on Google Security radar.

    In July’16, researchers found that a JavaScript Vulnerability in Yahoo Mail will allow any attacker to eavesdrop on Yahoo Customers emails. And in the same year, many media resources reported that cyber crooks have started spreading malicious software through Gmail attachments. Security researchers found that JavaScript vulnerability may act as a tool for hackers to spread ransomware.

    Remember, email has always proven as an effective way to spread malware as people always click on the attachments received by email without taking additional precautions. Due to this reason, hackers which include some state-sponsored attackers are using email services as malware spreading mules. 

    You can take the example of last years Kremlin’s attack on Hillary Clinton election campaign. In this cyber attack, the state-sponsored actors targeted a support staff of Mrs. Clinton by sending a kind of malware via an email attachment which later helped the cyber criminals gain access to all lost emails on Hillary Clinton’s email server.

    Hence, Google decided to restrict all its users from loading attachments with the above-said file extensions.

    And even if the hackers decide to send ransomware like Locky and Cryptowall through.ZIP files, Gmail has the potential to still block them.

    Additional Information on how JavaScript attachment is going to work will be updated shortly.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display