January 27, 2017

Gmail user's accounts are about to become safer, as on February 13th Google will begin blocking JS attachments in emails. Currently there are 31 attachments that are being blocked in in Gmail, which include .exe, .bat, .hta, and .vbs files, but JS files are still allowed through. As this attachment is commonly used to distribute malware, the blocking of JS files will only increase the security of user's Gmail account.

Starting on February 13th 2017, when a user tries to attach a JS file they will block the attachment and warn the user that this attachment is no longer allowed. If a user receives a JS attachment in Gmail, access to the file will be blocked as well and the user will be shown a warning stating that the file was blocked for security reasons.

                                                                            Gmail Blocking JS Attachments 

As many malware distributors use weaponized JS SPAM attachments to distribute and infect victims with ransomware and other infection, this restriction will definitely be helpfuly. Unfortunately, it will also push malware distributors to favor other distribution methods.

For example, as Gmail will not be blocking Word or Excel documents, it will still be possible to weaponize those types of documents to install malware.

                                                                                      Malicious Word Document

Though blocking JS files is definitely a good move towards increasing security, email users will still need to remain vigilant and not open attachments from people they do not know.  Unfortunately, malware developers have a good track record of learning new methods to distribute malware when older avenues are no longer available.

News Courtesy : https://www.bleepingcomputer.com/news/google/gmail-will-block-js-attachments-for-security-reasons-starting-february-13/