Google will block .js (JavaScript) attachments in Gmail starting Feb 13

Lately, scammers and cybercriminals have renewed the use of email-based attacks and a part of this includes deploying the payload by integrating it as a Macro in a Word documents. This along with the Javascript that runs on infected clients will likely download malware from the malicious site. In fact, most of the Ransomware that we have reported till now are also being offloaded into the host.

Gmail will block JavaScript attachments

Gmail will block JavaScript attachments

Google has now taken a stern step and has announced that starting from Feb 13 it will start clocking .js files in Gmail attachments. While from a security point of view this is a great measure some of the Gmail users might be affected by the fact that they will not be able to send .js files but again there are many ways to do so including Google Drives and other cloud storages.

This is what Google had to say about the new move,

“Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why.”

As far as inbound emails are concerned senders will get a bounce message detailing why the email was blocked.

Security seems to be of paramount importance as they have already blocked nearly 30 file types in Gmail including .cmd, .exe, .jar, .lib, .apk among many others.

As we explained earlier Google clearly mentions that when it comes to legitimate uses one can make use of Google Drive or as a matter of fact any hosting service to send the documents. The Feb 13 will be rapid release and the move is expected to be in response to the threat by cybercrime operations which is rising exponentially.

Remember the Locky Ransomware? Well, it used a .js downloader among other tools to download the malware and it had created havoc after infecting hospitals in Hollywood and Kentucky which were the ones that attained to high-profile individuals.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by with Tags
Mahit Huilgol has been using Windows on PC and Mobile since long. He has been following Microsoft developments from close quarters and loves writing about it.

One Comment

  1. Dan

    Indeed, a number of recent-times attacks have been made via node-webkit java (NW,js); NW.js is a boon to javascript, but unfortunately it’s a now a top choice for ransomware makers so GMail blocking it will do more good than harm. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 9 =