
Attackers Blowing Up Discord, Slack with Malware
2021-04-07 20:50

Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans and other malware.

The researchers saw this behavior across malware, adding that one Discord CDN search turned up almost 20,000 results in VirusTotal.

The team illustrated this type of attack on Discord with a screenshot showing a first-stage malware sample tasked with fetching an ASCII blob from a Discord CDN. The data from the Discord CDN is converted into the final malicious payload and injected remotely, the report said.

The Discord API has turned into an effective tool for attackers to exfiltrate data from the network.

The Discord domain helps attackers disguise the exfiltration of data by making it look like any other traffic coming across the network, they added.
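Because the destination domain alone does not separate this traffic from ordinary Discord use, a defender can pivot on which process made the request. The sketch below is an added example, not code from the report or from Talos; it assumes a constructed six-field proxy/EDR log format and a hypothetical allow-list of expected client processes, and the hostnames and webhook path it matches are Discord's public endpoints rather than values quoted in the article.

```python
from urllib.parse import urlsplit

# Constructed sample records (not from the report):
# time, workstation, initiating process, HTTP method, URL, bytes sent
SAMPLE_LOG = """\
2021-04-07T10:00:01Z ws-014 Discord.exe GET https://cdn.discordapp.com/attachments/111/222/meme.png 512
2021-04-07T10:02:17Z ws-014 invoice_viewer.exe GET https://cdn.discordapp.com/attachments/333/444/blob.txt 498
2021-04-07T10:02:40Z ws-014 invoice_viewer.exe POST https://discord.com/api/webhooks/555/EXAMPLE-TOKEN 48211
2021-04-07T10:05:09Z ws-020 chrome.exe GET https://discord.com/channels/@me 730
2021-04-07T10:06:30Z ws-031 outlook.exe GET https://mail.example.org/inbox 300
"""

# Assumption: processes expected to talk to Discord in this environment.
EXPECTED_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
API_HOSTS = {"discord.com", "discordapp.com"}


def detect(log_text):
    """Return (time, workstation, process, rule) for each suspicious record."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        ts, host, proc, method, url, _sent = fields
        parts = urlsplit(url)
        dest = (parts.hostname or "").lower()  # exact host match, not substring
        if proc.lower() in EXPECTED_CLIENTS:
            continue  # ordinary Discord or browser use
        if dest in CDN_HOSTS and parts.path.startswith("/attachments/"):
            # Non-client process pulling a file from the Discord CDN
            findings.append((ts, host, proc, "cdn-fetch-by-unexpected-process"))
        elif (dest in API_HOSTS and method == "POST"
              and parts.path.startswith("/api/") and "/webhooks/" in parts.path):
            # Non-client process pushing data out through a webhook
            findings.append((ts, host, proc, "webhook-post-by-unexpected-process"))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

In an environment where Discord has no business use, the allow-list can be emptied so that every CDN fetch and webhook post is surfaced.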

According to Talos, Discord generates an alphanumeric string, or access token, for each user, which attackers can steal to hijack accounts. The researchers added that they saw this frequently targeting online gaming.


News URL

https://threatpost.com/attackers-discord-slack-malware/165295/