Google Drive is one of the major products to save and share the documents with your Friends. But in a recent day Security Researcher Christy Philip Mathew had described the trick to hack the Gmail information with the help of Clickjacking and CSRF vulnerabilities in Google docs which allows the users to phishing attack.
The researcher had successfully grabbed the accounts like yahoo, Facebook and credit card credentials. He explains the attack and work method in his own Google User by phishing attack to acquire the information’s. The proof of concept is added here and the following video describes the attack steps that have been taken place carefully with the draft for the knowledge of sharing and this information is provided is only for knowledge and I strictly advice not to use on any user accounts.
The added advantage of this attack is it makes the user to believe that the file is Google default file to save the passwords in one location. Since the attacker and victim are the same which means the owner of the file and it is used public to access after removing the ownership of the document.
Google Goopass is the imaginary creation for learning and there is not in reality it is just for explanation.