Security researchers have uncovered a vulnerability in Google LLC’s Apps Script programming language that could potentially allow hackers to deliver malware to unsuspecting victims via Google Drive.

For example, a teacher could have a Google Sheets file with student grades, and by using Google Apps Script, they would be able to send personalized emails automatically, saving hours of manual work.

“In short, Google Apps Script attacks may bypass local anti-phishing controls,” said Beggs, “however, the information that flags an attack remains present, and diligent users will be able to ...