Slack Bug Allows Remote File Hijacking, Malware Injection (May 20, 2019)
Tenable researcher David Wells discovered a vulnerability in the “Slack Desktop” collaboration client for Windows. The vulnerability is located in Slack Desktop version 3.3.7 and could be exploited by a threat actor posting a custom hyperlink into a Slack channel or direct message that “changes the document download location path when clicked.” Threat actors could use this tactic to direct users to actor-controlled SMB servers, or to distribute malicious documents. Slack states that it has over 10 million daily users, which makes it a potentially lucrative target from the perspective of a threat actor.
Recommendation: Slack has since released a new version, 3.4.0, of its desktop client for Windows that addresses this vulnerability. Windows users should update their Slack Desktop version as soon as possible to avoid potential malicious activity. This story shows the risk that can arise from using popular software in your company: a larger user base may cause it to be targeted more heavily by threat actors. It is paramount that your company have software maintenance policies in place, because now that this vulnerability has been reported in open sources, threat actors are more likely to attempt to exploit it.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.