We regularly ear in the news cybercriminals are now targeting communication platforms like Discord and Slack. Their objective? Stealing credentials. This might appear puzzling since these platforms aren’t exactly repositories of financial information. So, what do they stand to gain?
The answer lies in the intricate cybercriminal ecosystem and their crafty strategies. In this blog post, we will delve deep into the motivations and use-cases of cybercriminals who go after Discord and Slack credentials, unraveling the economic implications and exploring the tactics they employ.
Tapping into Communication Channels
The Value of Private Conversations
Discord and Slack aren’t just communication channels; they’re virtual meeting spaces where conversations flow freely, ideas are brainstormed, and sensitive information is sometimes exchanged. Infiltrating these spaces gives cybercriminals access to a wealth of information, which can be exploited in a variety of ingenious ways.
Insider Information and Exploitation
In corporate settings, these platforms might be used to discuss strategies, future projects, or even confidential data. Having access to such information, cybercriminals can engage in corporate espionage, insider trading, or even sabotage, causing significant damage to the organization and its reputation.
Accessing Associated Platforms
Furthermore, Discord and Slack are often integrated with other services such as Google Drive, OneDrive, or GitHub. Stolen credentials could potentially provide cybercriminals with a pathway to these associated platforms, resulting in larger data breaches.
Exploiting Trust and Reselling Stolen Credentials
Impersonation and Trust Breach
Possessing someone else’s credentials gives cybercriminals the power to impersonate legitimate users. This trust exploitation can be used to circulate malicious links, conduct phishing attacks, or even manipulate conversations to their advantage.
The Dark Market for Credentials
Stolen credentials have a thriving market in the underworld of the internet. Discord and Slack credentials are hot commodities because of the varied exploitative possibilities they offer. Data thieves often sell these credentials to other criminals who specialize in exploiting them, thus driving the demand.
The Power of Blackmail and Ransom
In more severe cases, cybercriminals can use stolen credentials to hold a user or an organization to ransom. With access to sensitive conversations and data, they can threaten to expose compromising information unless their demands are met.
The Emerging Threat – Skuld Malware
Skuld Malware: The New Player
A new player has entered this dangerous game – a Golang-based information stealer named Skuld. Skuld is capable of compromising Windows systems worldwide, siphoning off sensitive information from applications like Discord and web browsers.
Skuld malware, sharing similarities with open source Creal Stealer (repo), Luna Grabber (repo), and BlackCap Grabber (repo), showcases the quick repurpose and flourishing choices of cybercriminals’ tools. Its primary targets are web browsers and user profile folders, extracting cookies, and credentials of course.
The Growing Popularity of Go
The emergence of Skuld points also to a growing trend among cybercriminals – the adoption of the Go programming language. Its simplicity, efficiency, and cross-platform compatibility make it an attractive option for crafting malware that targets multiple operating systems.
The theft of Discord and Slack credentials is in line with previous monetization-driven characteristics of cybercriminals, revealing their adaptability and cunning strategies to extract always more value from the legal world.
By understanding their motivations and methods, we can better fortify our cybersecurity defenses. At the same time, we must remember that cyber-awareness and vigilance play crucial roles in combating these threats. Stay informed, stay alert, and most importantly, stay safe in the digital world.