An alleged vulnerability Google Drive may allow hackers to trick users into installing rogue code.

According to a System administrator A. Nikoci, there's a flaw in Drive's "manage versions" feature, that could let attackers swap a legitimate file with malware. The cloud storage service reportedly doesn't check to see if a file is of the same type, or even enforce the same extension. Effectively turning an innocuous photo to an exploit program in disguise.

The exploit could be used to spear phishing attacks that trick users into compromising their systems. The compromised system will leave companies that rely on Google Drive for sharing documents open to further attacks.

Nikoci claims he has notified Google about the issue, but as of the writing of this news, it was still unpatched.