A few famous online collaboration tools, including the likes of Slack and Discord, are being hijacked by hackers to disperse malware, experts have cautioned.
Cisco's security division, Talos, published new research on Wednesday featuring how, throughout the span of the Covid-19 pandemic, collaboration tools like Slack and, considerably more generally, Discord have become convenient mechanisms for cybercriminals. With developing frequency, they're being utilized to serve up malware to victims in the form of a link that looks reliable. In different cases, hackers have integrated Discord into their malware to remotely control their code running on tainted machines, and even to steal information from victims.
Cisco's researchers caution that none of the methods they found really exploits a clear hackable vulnerability in Slack or Discord, or even requires Slack or Discord to be installed on the victims' machine. All things considered, they essentially exploit some little-analyzed features of those collaboration platforms, alongside their ubiquity and the trust that both clients and systems administrators have come to place in them.
"People are way more likely to do things like click a Discord link than they would have been in the past, because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link," says Cisco Talos security researcher Nick Biasini. "Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them."
With regards to information exfiltration, the Discord API, for instance, has demonstrated to be quite an effective tool. As the webhook functionality (originally intended to send automated alerts) was intended to have the option to convey any kind of information, and malware oftentimes uses it to ensure stolen information arrives at its intended destination.
“Webhooks are essentially a URL that a client can send a message to, which in turn posts that message to the specified channel — all without using the actual Discord application,” the researchers say. “The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network.”
As texting applications grow in popularity, the threats will develop with them. Organizations should know about the dangers, and cautiously pick which platform to utilize, the researchers concluded.