Skip to Content
© Savconstantine | Dreamstime.com
Security & privacy

Watch out: Hackers are using messaging services to spread malware

Collaboration software and apps like Discord have become hugely popular, with millions of people working from home during the pandemic. As if a snooping boss isn’t enough to worry about, we now need to be cautious of cybercriminals.

Hackers are targeting these services with malware to steal personal and business information. Some of the threats spreading include Trojans, keyloggers and IoT attacks. Tap or click here for details on a nasty COVID vaccine scam making the rounds.

Researchers from Cisco’s Talos Intelligence revealed Discord and Slack are the new targets for cybercriminals. How bad is it? Estimates have pegged the number at 24 different variants a day. Keep reading for all the gruesome details.

Here’s the backstory

Discord and Slack’s ability to allow you to attach and send files to other users make it the perfect vehicle for malware distribution. But the infected files aren’t sent to others through the service.

Cybercriminals are making use of a rather sneaky way to infect others. By uploading malicious files to Discord’s Content Distribution Network (CDN), the hackers create a link to the hosted location. Sharing the link in an email with potential victims circumvents antivirus software, as it doesn’t detect it as malicious.

Since most people would trust a link that’s hosted on a collaboration app they are using, chances are high they will click on it.

“Many of the emails purport to be associated with various financial transactions and contain links to files claiming to be invoices, purchase orders and other documents of interest to a potential victim,” Talos Intelligence detailed in a blog post.

Criminals have also been using the ongoing pandemic as a way to reach victims. In one email, the sender impersonated the World Health Organization. The email contained a link to a supposed new COVID prevention document.

What can you do about it?

Your risk of infection increases if your company makes use of Discord or Slack daily. But that doesn’t mean that you should look for alternatives. There are several ways in which you can spot a cyberattack and stay safe.

  • Don’t click links or open attachmentsBe suspicious of unsolicited emails that contain links or attachments. If you don’t know the sender, don’t click on links or open attachments. They could be malicious phishing attempts.
  • Find more secure options – Look for safer alternatives to sharing files or folders than messaging services.
  • Protect your devices – Make sure that your antivirus software is up to date. Tap or click here for the best antivirus options for PC and Mac.

Keep reading

Think your boss is spying? Check for these programs and apps

Unemployment scams: Red flags someone stole your identity

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment within the Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now