Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation. But their increasingly integral role has also made them a powerful avenue for delivering malware to unwitting victims—sometimes in unexpected ways.
Cisco's security division, Talos, published new research on Wednesday highlighting how, over the course of the Covid-19 pandemic, collaboration tools like Slack and, much more commonly, Discord have become handy mechanisms for cybercriminals. With growing frequency, they're being used to serve up malware to victims in the form of a link that looks trustworthy. In other cases, hackers have integrated Discord into their malware for remote control of their code running on infected machines, and even to steal data from victims. Cisco's researchers warn that none of the techniques they found actually exploits a clear hackable vulnerability in Slack or Discord, or even requires Slack or Discord to be installed on the victim's machine. Instead, they simply take advantage of some little-examined features of those collaboration platforms, along with their ubiquity and the trust that both users and systems administrators have come to place in them.
"People are way more likely to do things like click a Discord link than they would have been in the past, because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link," says Cisco Talos security researcher Nick Biasini. "Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them."
Among the collaboration app exploitation techniques Cisco's researchers are warning about, the most common ..