News

Researchers discovered vulnerability in Windows-client of Slack messenger

Specialists from Tenable company disovered vulnerability in Windows-version of corporate Slack messenger (version 3.3.7) that enables changing file upload destination and steal files, change them or add malware programs.

The problem is in implementation of the protocol handler “slack://” in the application. With the use of specially formed link, published in Slack-channel, attacker can modify client’s setting, for example, change folder for download and point to folder that he controls. If victim follows the link, all downloads will get on the attacker’s SMB-server.

After changing of the established by default folder for downloads attacker can only steal the document, but also implement in it malware code. If user opens such document, his device will be infected, explained specialist David Wells.

At the same time, for successful implementation of URL attacker will even not have to subscribe on Slack-channel – link can get in channel through RSS-feed.

“I can publish a post in popular society Reddit; Slack users from all over the world are subscribed on it. This publication will include web-link, that will redirect user on the malware slack:// and will change settings if clicking on it”, – says Wells.

As it is noted, in similar situation will be shown notification that link initiates Slack start, so attack will be impossible, if user will not provide his agreement.

Slack team have already released fixed Slack 3.4.0 version for Windows. All users are recommended to install updates ASAP.

Source: https://www.techrepublic.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Lanatione.com Pop-up Ads

About Lanatione.com Lanatione.com pop-ups can not launch out of nowhere. If you have actually clicked…

10 hours ago

Remove Globalvpnnewse.top Pop-up Ads

About Globalvpnnewse.top Globalvpnnewse.top pop-ups can not open out of the blue. If you have actually…

10 hours ago

Remove Peeradsfeed.top Pop-up Ads

About Peeradsfeed.top Peeradsfeed.top pop-ups can not expose out of the blue. If you have clicked…

10 hours ago

Remove Poperblocker.com Pop-up Ads

About Poperblocker.com Poperblocker.com pop-ups can not introduce out of the blue. If you have clicked…

10 hours ago

Remove Globalvpnnewsu.top Pop-up Ads

About Globalvpnnewsu.top Globalvpnnewsu.top pop-ups can not launch out of the blue. If you have actually…

10 hours ago

Remove Swiftheadlines.site Pop-up Ads

About Swiftheadlines.site Swiftheadlines.site pop-ups can not launch out of nowhere. If you have clicked on…

11 hours ago