The Role of Google Drive and Gmail in Malware Delivery: Netskope Threat Labs Reports.

A recent report by Netskope Threat Labs, titled “SASE Week 2023 On-Demand! Explore sessions,” shed light on the prevalent use of cloud apps in the retail sector.

Interestingly, Google Drive, Google Gmail, and WhatsApp were found to be more popular than Microsoft OneDrive, which usually tops the list in other industries.

The report also unveiled a significant threat in the retail sector – cloud malware delivery. Attackers are exploiting cloud apps to deliver Trojans and other malware payloads. Google Drive and Google Gmail, the two most popular apps, are the primary channels for these malware downloads.

Over the past year, the report examined cloud app adoption and malware threats in the retail sector. It found that cloud app usage fluctuated between 19 and 21 apps. On average, users interacted with 20 cloud apps per month, indicating consistent cloud app adoption.

Cloud app usage fluctuated between 19 and 21 within a period of 12 months. Image source: Fixitgearware

In terms of data downloads from cloud apps, the retail sector is on par with other industries, with 89% of users downloading data, compared to 94% in other sectors. However, the retail sector lags slightly behind in data uploads, averaging 61%, compared to the 66% average in other sectors.

OneDrive emerged as the most popular app in retail, outperforming Google Drive, Gmail, Microsoft Teams, and SharePoint. Also, OneDrive was the most used app for both uploading (16%) and downloading (19%) data. WhatsApp’s popularity in retail is noteworthy, surpassing SharePoint.

Furthermore, the report highlighted a higher incidence of cloud malware delivery in retail, particularly in April, May, and June, at 70%, compared to 60% in other industries. Google Drive and Gmail are the top apps misused for malware delivery in retail. The report also highlights that Trojans are the most common type of malware downloaded from the web or cloud in the retail sector, mirroring trends in other regions.

Over 70% of malware was delivered between April and June 2023. Image source: Netskope


In addition, the report listed the top 10 malware and ransomware families targeting retail users in the past 12 months, including:

  • Backdoor.Zusy (TinyBanker)
  • Botnet.Andromeda (Gamarue)
  • Downloader.Guloader
  • Downloader.Upatre
  • Infostealer.ClipBanker
  • Infostealer.Khalesi (KPOT)
  • Phishing.PhishingX
  • Ransomware.Avaddon
  • RAT.Remcos
  • Trojan.Valyria (POWERSTATS)


To summarize, the report, which is based on anonymized usage data from Netskope’s Next Generation Secure Web Gateway collected between November 2022 and October 2023, identified Trojans as the most commonly downloaded malware by users.
These serve as an entry point for attackers, leading to the delivery of other malware such as infostealers, remote access Trojans, backdoors, and ransomware.

The report indicates Trojans as the most commonly downloaded malware. Image source: Netskope


Given the increasing use of cloud apps for malware delivery, particularly Trojans, Netskope recommends that retail organizations take protective measures such as:

  • Inspecting all HTTP and HTTPS downloads.
  • Ensuring the inspection of high-risk files and executables.
  • Blocking downloads from unused apps through policy configurations.
  • Blocking uploads to unused apps through policy configurations.
  • Using intrusion prevention systems.
  • Using Remote Browser Isolation.


