Is it possible for malware to infect google drive?

Question

If I move a malicious file to Google drive, can my other files there get infected? Or can my google account itself get compromised?

Answer 1

Everything is possible in IT, but in this case my personal understanding would be that the risk is very low - but! considering only Google side.

So, to infect other files on Google drive, or to compromise your GDrive account, malicious code has to run on Google infrastructure directly. To achieve that, an exploit is required that will affect somehow the process of how Google is handling your files, which I see very unlikely to happen. Some weird vulnerabilities might theoretically exist (like ImageTragic thing, which allowed remote code execution under certain conditions) - but again, I wouldn't be so afraid here, as if we put our risk bar that high, we should consider stopping using online services at all, and maybe stop using the Internet even.

However, Google drive is often synced via desktop or mobile client. So, if your system gets infected, malware can infect your files locally, and then replicate the changes to GDrive. Same story with account credentials: they might leak because of malware on your local host or through phishing email or scam domain / web-based attack, and then the attacker will have your credentials and will of course have full access to your GDrive. This, of course, is not related to just "file upload on GDrive".

But solely file upload on GDrive - that should be fine. Just don't you forget it's malicious, and don't you click on it ever, as after that it wouldn't be Google to blame ;)

Reference: https://imagetragick.com/