With people kept apart worldwide, collaboration platforms like Discord and Slack have taken an intimate position in our lives by helping to maintain personal relationships despite physical isolation. But their increasingly integral role has also created a powerful opportunity to deliver malware to unwitting victims, sometimes in unexpected ways.
Cisco’s security division, Talos, released new research on Wednesday showing that, during the Covid-19 pandemic, collaboration tools such as Slack and, more commonly, Discord have become effective tools for cybercriminals. With increasing frequency, they are being used to serve malware to victims in the form of a link that looks believable. In other cases, hackers have integrated Discord into their malware to remotely control it and even to steal data from infected machines. Cisco researchers warned that none of the techniques they found exploit a clear, patchable vulnerability in Slack or Discord, or even require Slack or Discord to be installed on the victim machine. Instead, they take advantage of the ubiquity and somewhat under-scrutinized features of those collaboration platforms, including the trust that both users and system administrators place in them.
“People are more likely to do things like click on a Discord link than in the past, because they are used to posting files on Discord for their friends and colleagues and sending a link,” said Nick Biasini, a security researcher at Cisco Talos. “Everyone is using the collaboration apps, everyone has some acquaintance with them, and the bad guys have noticed that they can abuse them.”
Among the strategies for exploiting collaboration apps that Cisco researchers warn of, the most common simply uses the platforms as file hosting services. Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone who clicks the link can access the file. In many cases Cisco found, these files are malicious; the researchers compiled a list of nine recent remote-access trojans and spy tools, including Agent Tesla, LimeRAT and Phoenix Keylogger, that hackers have tried to install in this fashion.
The links do not have to be delivered to victims within Slack or Discord. They can also be served via email, where hackers can more easily target victims, impersonating victims’ colleagues or reaching out to people with whom they have no prior relationship. As a result, Cisco recorded a sharp increase over the past year in the use of these links to deliver malware via email. “We’ve seen thousands over the last few months, and this rate is constantly rising,” Biasini said.
The security firm Zscaler similarly noted an increase in cybercriminals’ use of the technique in a study published in February. It warned that malware was being distributed as fake video games embedded in Discord links, spotting about two dozen forms of malware every day, including ransomware and cryptocurrency mining programs. Hackers have also used malware that steals Discord authentication tokens from victims’ computers, allowing them to impersonate the victim on Discord and spread more malicious Discord links from the victim’s account while covering their tracks.
In addition to exploiting the trust users place in Slack and Discord links, the strategy also helps hide malware, as both Slack and Discord use HTTPS encryption on their links and compress files when they are uploaded. And while other methods of malware hosting can be taken offline or blocked once the hacker’s server is detected, it is much harder to block users from accessing Slack and Discord links. “Opponents are likely to be affected by things like shutting down a server, shutting down a domain, blacklisting files,” Biasini said. “And a way has been found to break what they have done.”
Aside from hosting their malware behind Discord and Slack links, cybercriminals also use Discord as a command-and-control and data-theft component of their malware. Discord allows programmers to add “webhooks” to their code that automatically update a Discord channel with information from an application or website. Cybercriminals use this feature to send data from infected computers to the command-and-control servers they use to manage botnets, and even to pull data from a victim’s machine to the server. Like the malicious-link technique, the webhook trick hides malicious traffic inside innocent-looking, encrypted Discord communications and makes the hacker infrastructure more difficult to take offline. (While Slack offers a similar webhook feature, Cisco says it has not seen hackers abuse it the way they have Discord’s.)
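The two abuse patterns described above (executables fetched from a platform’s file CDN, and webhook POSTs from unexpected processes) can be picked out of ordinary web-proxy logs. The following detector is an added example, not code from the article or from Cisco Talos; the log lines are constructed, and the Discord webhook URL shape, the CDN host names and the allow-list of expected client processes are assumptions stated from general knowledge rather than taken from the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample web-proxy log lines (method, URL, requesting process); not from the article.
SAMPLE_LOG = """\
POST https://discord.com/api/webhooks/123456789012345678/AbCdEfGhIjKlMnOpQrSt WINWORD.EXE
GET https://cdn.discordapp.com/attachments/111111111111111111/222222222222222222/invoice.exe chrome.exe
GET https://cdn.discordapp.com/attachments/111111111111111111/333333333333333333/notes.pdf chrome.exe
GET https://files.slack.com/files-pri/T0000000-F0000000/setup.scr OUTLOOK.EXE
GET https://example.org/index.html chrome.exe
POST https://discord.com/api/webhooks/987654321098765432/ZyXwVuTsRqPoNmLkJiHg Discord.exe
"""

# Discord webhook endpoints (discord.com and the legacy discordapp.com host); path shape is an assumption.
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/[A-Za-z0-9_-]+")
# Hosts that serve user-uploaded attachments for the two platforms (assumed).
ATTACHMENT_HOSTS = {"cdn.discordapp.com", "files.slack.com"}
# Extensions that should not normally be fetched from a chat platform's file CDN.
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".ps1", ".bat", ".msi", ".iso")
# Processes allowed to talk to the Discord API on an endpoint (hypothetical allow-list).
EXPECTED_WEBHOOK_CLIENTS = {"discord.exe"}


def classify(line):
    """Return (reason, url, process) for a suspicious log line, or None if it looks benign."""
    method, url, process = line.split()
    parsed = urlparse(url)
    host, path = parsed.hostname or "", parsed.path
    if host in WEBHOOK_HOSTS and WEBHOOK_PATH.match(path):
        # A webhook POST from an Office app or a script host, rather than the Discord
        # client, is the command-and-control / exfiltration pattern the article describes.
        if method == "POST" and process.lower() not in EXPECTED_WEBHOOK_CLIENTS:
            return ("webhook_post_from_unexpected_process", url, process)
    if host in ATTACHMENT_HOSTS and path.lower().endswith(RISKY_EXT):
        # An executable served from the platform's file hosting is the malicious-link pattern.
        return ("executable_from_chat_cdn", url, process)
    return None


def scan(log_text):
    """Run classify() over every non-empty log line and collect the findings in order."""
    return [f for f in (classify(l) for l in log_text.splitlines() if l.strip()) if f]


if __name__ == "__main__":
    for reason, url, process in scan(SAMPLE_LOG):
        print(f"{reason}: {process} -> {url}")
```

On the sample log this flags three lines: the Word-originated webhook POST and the two executable downloads, while the PDF fetch and the Discord client’s own webhook call pass.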