Success always comes with a price. The pandemic has led to many changes – one of those being the need to reach out to people electronically, leading to the success of Zoom, Stack, Discord, etc. But the services now have a greater chance of being hacked. Discord and Slack became tools for hackers to spread their malware because of their success this past year.
Malware through Discord and Slack
Researchers at Talos, the security experts as Cisco, published their findings on what has happened to these social platforms during the pandemic. Discord and Slack are being used to publish links that look trustworthy but are actually spreading malware. Discord has even been integrated into malware.
It’s important to know that the research shows this isn’t the case of a weak app, and neither Stack nor Discord needs to be installed on the target’s computer or device. Hackers are using an exploit and the trust of a target.
“People are way more likely to do things like click a Discord link than they would have been in the past because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link,” said Nick Biasini, one of the researchers.
“Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them.”
As scary as that may seem, we know it’s there. We have had such a desire to connect with people, we are putting all our trust in chat apps.
The exploit used most often is when Discord and Slack are used to host files that are being shared. Cisco found malicious files being hosted. Hackers had tried to install nine remote access spy tools.
These malicious links don’t even have to be in Discord or Slack to deliver malware. Hackers can impersonate your colleagues and reach out to you via email and pretend to be your co-worker. Cisco saw a large increase in email-delivered malware over the past year.
Other security researchers have seen much the same thing. Zscaler noted they saw as much as two dozen variants of malware every day. Fake video games were also carrying Discord links. The hackers steal Discord authentication tokens, and this enables them to impersonate the users on the platform.
Helping the hackers out, Slack and Discord utilize HTTPS encryption and compress uploaded files. This makes it more difficult to take the malicious links down.
The cyber attackers have also used an exploit on Discord that allows programmers to upgrade a channel on the platform with app or website information. They use this avenue to relay that information back to their server. The hackers’ actions are again hidden, as they add the malicious links in communication on Discord. It makes it harder to pull the hacking operation down.
Discord and Slack Response
“We are working to enhance our processes to make it easier to report these types of issues, improve the way these issues are internally routed for faster triaging, and dedicate more resources to proactively identifying this type of abuse,” said a Discord spokesperson.
Slack responded as well, noting how many exe files through external links it had blocked since February, That platform was recently criticized for making it easy for users to harass other users repeatedly.
Biasini said organizations should just block links from Discord, as legitimate links aren’t used that often in that manner anyway. For organizations that don’t even use Discord or Slack, they should just avoid the links like any other unknown link and bypass the threat of malware altogether.
“It’s the same old stuff: don’t click links from people you don’t know. If you don’t know where this came from, don’t buy into it. If it sounds too good to be true, it probably is,” Biasini said. “If you have never clicked a Discord URL before, don’t start now.”
Read more about the recent criticism of Slack, which led it to quickly take down a new feature.