Collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.
Both Discord and Slack allow users to upload files to their servers and create externally accessible links to those files, so that anyone can click on the link and access the file. In many cases, Cisco found, those files are malicious; the researchers list nine recent remote-access spy tools that hackers have tried to install in this fashion, including Agent Tesla, LimeRAT, and Phoenix Keylogger.