Gmail and iCloud Mail do a poor job of recognizing malware (and they leave it that way)

Most email providers are not particularly good at recognizing malware. New research shows that they also do little to protect users. You need to know this.

This is how bad Gmail and iCloud Mail are at recognizing malware

The research, from SquareX, a new browser security company, highlights how little providers are doing to recognize malware. By collecting 100 malicious documents of different types and organizing them into four main groups, researchers found that providers are omitting one important basic security measure: scanning attachments.

That may sound like the early 2000s, but email attachments are still one of the main ways viruses, Trojans, and ransomware can infect a device. The four categories of malicious documents were classified as follows:

  • Original malicious documents from MalwareBazaar.
  • Slightly modified malicious documents from MalwareBazaar, such as changes to metadata and file formats.
  • Malicious documents modified with attack tools that have been around for years.
  • Basic documents containing macros that run programs on devices.

Research from SquareX

SquareX researchers attached similar malicious files to emails and sent them via Proton Mail to addresses on iCloud Mail, Gmail, Outlook, Yahoo! Mail and AOL. If the emails were delivered successfully, the threat in the attachment could pose a danger.

The table below lists the results of sending 7 out of 100 malicious files to the different email providers. If an email is not delivered, it is a sign that the server was able to recognize the malware while processing the email. That happened only very occasionally.


Investing in email security features may seem like the most obvious solution here. Ian Thornton-Trump, CISO (Chief Information Security Officer) at threat intelligence solutions company Cyjax, however, points out: ‘that’s like asking why the free Wi-Fi at Starbucks doesn’t block all cyber attacks.’

Adding security features to recognize malware can be problematic due to so-called ‘false positives’, which require technical support and therefore incur costs. Those costs for millions of users on a free platform quickly become commercially unsustainable. At the same time, it is apparently necessary for something to be done about it.
