With the pandemic of the new coronavirus (SARS-CoV-2) and the need to remain isolated, people around the world turned to collaboration and communication platforms to keep in touch with friends, relatives and co-workers. Slack, already one of the leaders in this sector, has grown even more over the past year; the same happened with Discord, which focuses on the gamer audience. However, structural weaknesses in both services are being abused by criminals to spread malware.
According to a recent report by Cisco Talos, cybercriminals are taking advantage of the benign functionality of these environments to spread spyware, remote access trojans (RATs) and even ransomware, which holds data hostage and demands a ransom payment. Among the variants the team of specialists detected are well-known strains such as AgentTesla, AsyncRAT and Formbook, to name just a few.
The underlying problem is that such communication platforms use content delivery networks (CDNs) to store uploaded files and let users create public links to them. “Files can be sent to Slack, and users can create external links that allow files to be accessed, regardless of whether the recipient has Slack installed or not,” explains Cisco. Because the link lives on a trusted domain, the victim ends up clicking it and fetching the malicious payload.
“One of the main challenges associated with delivering malware is ensuring that files, domains or systems are not removed or blocked. By taking advantage of these chat apps that are likely to be allowed, they are removing many of these obstacles and greatly increasing the likelihood that the attachment will reach the end user,” say the researchers. Most of the time, the payload is distributed inside a compressed archive (.ACE, .GZ, .TAR, .ZIP etc.), which makes it even harder to identify.
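One defensive check that follows from the two paragraphs above is to look, in web proxy or firewall logs, for downloads that combine both traits the article describes: a file hosted on a chat platform's CDN and an archive extension. The script below is an added example and is not code from the article or from Cisco Talos. It assumes the public CDN hostnames `cdn.discordapp.com`, `media.discordapp.net` and `files.slack.com` (the page does not name them; adjust the set to whatever hostnames appear in your own logs), and it runs over a small constructed sample of proxy log lines in a hypothetical `timestamp client method url status` format.

```python
import re
from urllib.parse import urlparse

# Assumed public CDN hostnames of the chat platforms discussed (not taken from
# the article). Extend or replace with the hostnames observed in your environment.
CHAT_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "files.slack.com"}

# Archive extensions the article lists as common wrappers for the payload,
# plus a few other common ones. Matching is on the lowercased URL path only.
ARCHIVE_EXTS = (".ace", ".gz", ".tar", ".zip", ".tgz", ".tar.gz", ".rar", ".7z")

# Constructed sample proxy log (hypothetical data, not a real capture):
# <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
2021-04-08T10:12:01Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1234/5678/invoice.zip 200
2021-04-08T10:12:05Z 10.0.0.12 GET https://cdn.discordapp.com/attachments/1234/5679/photo.png 200
2021-04-08T10:13:40Z 10.0.0.31 GET https://files.slack.com/files-pri/T000/F000/report.tar.gz 200
2021-04-08T10:14:02Z 10.0.0.31 GET https://example.com/download/setup.zip 200
2021-04-08T10:15:11Z 10.0.0.45 GET https://files.slack.com/files-pri/T000/F001/notes.txt 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def is_chat_cdn_archive_url(url: str) -> bool:
    """True when the URL is on a chat-platform CDN host and names an archive file.

    The hostname and path are taken from the parsed URL so that a query string
    (e.g. '?download=1') or mixed-case path cannot hide the extension.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path.lower()
    return host in CHAT_CDN_HOSTS and path.endswith(ARCHIVE_EXTS)


def parse_log_line(line: str):
    """Parse one log line of the constructed format; return a dict or None."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def find_chat_cdn_archive_downloads(log_text: str):
    """Return the parsed records whose URL matches is_chat_cdn_archive_url()."""
    hits = []
    for line in log_text.splitlines():
        record = parse_log_line(line)
        if record and is_chat_cdn_archive_url(record["url"]):
            hits.append(record)
    return hits


if __name__ == "__main__":
    for rec in find_chat_cdn_archive_downloads(SAMPLE_LOG):
        print(f"{rec['ts']} {rec['client']} fetched archive from chat CDN: {rec['url']}")
```

On the sample above the script flags the `.zip` from the Discord CDN and the `.tar.gz` from the Slack CDN, while leaving the image, the text file and the archive from an unrelated domain alone. In practice a hit is a triage lead rather than a verdict, since legitimate teams share archives over the same links; pairing it with the client's other activity (for example, a process launch shortly after the download) gives a much better signal.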
Even more worrying is that this activity has been observed in several languages, including English, Spanish, French, German and Portuguese. According to Cisco, the platforms themselves need to take steps to prevent such campaigns; however, end users must also stay alert and should not open links they receive without scrutiny, especially when the sender is outside their circle of friends or professional environment.