In the aftermath of the widespread phishing scam, Gmail has decided to block JavaScript (.js) file attachments from Feb. 13.

Google announced this news on Jan. 25 through its G Suit Updates blog.

"Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well." stated the blog.

For the uninitiated, Gmail already blocks standard windows executable files (.exe), batch files (.bat), and Microsoft Management Console file (.msc).

To maintain security of its services, it seems Google will now block .js file attachments, as malicious emails often attach various rigged file attachments in these formats to trick users into giving up their credentials.

JavaScript is a programming language used to develop web applications and .js files are often loaded as a part of web page downloads.

Opening an unknown .js file starts the Windows Script Host, which runs inside the file. Running the Windows Script Host can prove to be very dangerous for the user as it can easily run Windows executables.

What If People Try To Upload a JavaScript File Post The Deadline?

Google said that an "in-product" warning will appear if someone tries to attach a .js file attachment in the mail after Feb. 13.

Does This Mean No More Sharing Of JavaScript Files?

No. It does not, as users have other options for sharing such files. A user can resort to Google Drive or Google Cloud storage or any other storage solution to receive and share JavaScript file attachments.

Gmail Phishing Scam

For the unfamiliar, Gmail users fell victim to a widespread phishing scam last week, which fooled them to give their Google credentials.

The hackers used the compromised mail accounts to go through the sent folder and pass the malware to other unsuspecting Gmail users. The best part about the trick is that the malicious mail came from the account of a known person, whose account had already been hacked.

Malware was disguised as image attachments in the form of a PDF. On clicking for a preview, a new tab would open up for the user, asking him or her to log into their Gmail accounts again. The location bar would display the address as "accounts.google.com," which most users know they have arrived at the authentic Gmail login page. What they missed was the small bug hidden in the form of a data file "data:text/html" which is attached infront of the host name.

The hackers behind this scam were able to block the user from using any other services linked to Google accounts.

Reason Behind The Security Measure

Google has not provided the public with a detailed explanation other than saying that this step was taken for "security reasons."

Whether this step was taken as a security measure because of the recent phishing scam is not clear and is merely an assumption.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion