Slack and Discord, two workflow and collaboration tools, have been infiltrated by malicious actors abusing legitimate functions to evade security and deliver malware. The campaign seeks to drop information stealers, remote access Trojans, and other malware on users of the platforms. The pandemic drove platforms like Slack and Discord to gain popularity and attract more users as millions of people shifted to remote work. The collaboration platforms have been increasingly targeted since the beginning of the pandemic.
Earlier this week, Cisco’s Talos released a report on collaboration app abuse, highlighting the fact that threat actors and criminal groups have increasingly used collaboration platforms to trick users into opening malicious attachments. One of the key factors associated with this type of attack is that the files, domains, and systems involved frequently get taken down and blocked. However, the chat functions in Discord and Slack remove many of these obstacles, allowing malicious actors to connect directly with the user.