New research published by Talos states that collaboration tools like Slack and, considerably more commonly, Discord have become convenient mechanisms for cybercriminals. They are being used to serve up malware to victims in the form of a link that looks trustworthy.
Hackers have integrated Discord into their malware to remotely control their code running on infected machines, and even to steal information from victims.
Cisco’s researchers caution that none of the methods they found actually exploits a vulnerability in Slack or Discord, or even requires Slack or Discord to be installed on the victim’s machine. Instead, they simply abuse some little-examined features of those collaboration platforms.
When it comes to data exfiltration, the Discord API has proven to be quite an effective tool. The webhook functionality was designed to be able to carry any kind of data, and malware often uses it to make sure stolen information reaches its intended destination.
Webhooks are essentially a URL that a client can send a message to, which in turn posts that message to the specified channel, all without using the actual Discord application.
Organizations should be aware of the dangers and carefully choose which platform to use.
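One way to look for the webhook traffic described above in web-proxy logs, as an added example that is not from the Talos research: it flags POSTs to Discord webhook URLs, redacts the webhook token, and totals bytes sent per host and process. The log layout, host names, process names and token are constructed, and the URL shape `/api[/vN]/webhooks/<id>/<token>` is an assumption of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Webhook endpoint shape assumed here: /api[/vN]/webhooks/<numeric id>/<token>
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/([\w-]+)")
DISCORD_HOSTS = {"discord.com", "discordapp.com"}

# Constructed sample proxy log: time, source host, process, method, URL, bytes sent
SAMPLE_LOG = """\
2021-04-07T10:01:02Z ws-114 chrome.exe GET https://discord.com/channels/@me 512
2021-04-07T10:03:40Z ws-114 invoice_viewer.exe POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_abc 48213
2021-04-07T10:03:55Z ws-114 invoice_viewer.exe POST https://discordapp.com/api/v9/webhooks/123456789012345678/EXAMPLE-token_abc 1048576
2021-04-07T10:05:10Z ws-201 curl.exe POST https://example.org/api/webhooks/1/x 90
2021-04-07T10:06:00Z ws-330 slack.exe POST https://hooks.example.net/services/T0/B0 120
"""

def is_discord_host(host):
    """True for the Discord domains above and any of their subdomains."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in DISCORD_HOSTS)

def find_webhook_posts(log_text):
    """Return one record per POST to a Discord webhook, with the token redacted."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed lines
        ts, src, proc, method, url, sent = parts
        u = urlsplit(url)
        m = WEBHOOK_PATH.match(u.path)
        if method != "POST" or not is_discord_host(u.hostname) or not m:
            continue
        # The token is a credential for the channel, so it is kept out of the alert.
        safe_url = f"{u.scheme}://{u.hostname}/api/webhooks/{m.group(1)}/<redacted>"
        hits.append({"time": ts, "host": src, "process": proc,
                     "webhook_id": m.group(1), "bytes": int(sent), "url": safe_url})
    return hits

def summarize(hits):
    """Total bytes posted per (host, process, webhook id)."""
    totals = defaultdict(int)
    for h in hits:
        totals[(h["host"], h["process"], h["webhook_id"])] += h["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for key, total in summarize(find_webhook_posts(SAMPLE_LOG)).items():
        print(key, total)
```

Because the webhook needs no Discord client, the useful signal is the posting process: a webhook POST from something other than a browser or an approved integration is what to triage first.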