Document uploads are thought to be part of a profiling strategy.
Hackers are abusing Google Drive to collect information on victims in a malware attack, according to security company Trend Micro.
The malware is said to work by checking a user’s personal folders and uploading documents with common file extensions to Google Drive, using refresh tokens to keep access to the storage service without going through its normal sign-in process.
Kervin Alintanahin, a threat analyst at Trend Micro, said: "Our analysis shows that this malware can only upload document-type files to Google Drive.
"This type of malware routine is perfect for reconnaissance – one of the earlier stages for targeted attacks. After all, one of the key aspects in a successful attack is having enough information on the target."
He noted that other storage or hosting services such as Dropbox and Sendspace had been similarly exploited, adding that the file names in this instance led him to believe government entities were being targeted by hackers.
As an aside, the malware was found to have been written in the programming language Go, also called golang, which was created by Google and is used by Dropbox for parts of its infrastructure.
"While interesting, the use of golang is not new: security researchers have seen golang-created malware as early as 2012," Alintanahin added.
"It would be hard to pinpoint the exact reason for using golang but some have attributed its appeal to its supposed lack of mainstream profile."