Security News > 2021 > April > Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report.
Attackers leveraged these platforms to deliver lures and infect victims with ransomware and other malware.
"These platforms provide an attractive option for hosting malicious content, exfiltrating sensitive information, and otherwise facilitating malicious attacks. In many cases, these platforms may be required for legitimate corporate activity and, as such, hosting malicious contents or using them to collect sensitive information may allow attackers to bypass content filtering mechanisms," Talos notes.
Previously, Discord was used to deliver the Thanatos ransomware, with recent attacks abusing the mechanism for the distribution of remote access Trojans such as Agent Tesla, AsyncRAT, Formbook, JSProxRAT, LimeRAT, Lokibot, Nanocore RAT, Phoenix Keylogger, Remcos, and WSHRAT. Collaboration platforms such as Discord and Slack support file attachments, providing adversaries with yet another means for malware delivery.
Attackers also abuse Discord and Slack for the exfiltration of data and for communication with the infected systems.
"As chat apps like Discord, Slack and many others rise in popularity, organizations need to assess how these applications can be abused by adversaries and how many of them should be allowed to operate inside your enterprise. [] It's likely the abuse of these chat apps will only increase in the near and long term," Talos concludes.