Pagoda Blog

The Downside of Remote Work: Rise in Malware Links on Discord and Slack

January 20, 2022

During the pandemic, with the fast growth of the remote workforce, people have been flocking to online collaboration platforms, particularly Discord and Slack. These platforms give team members, families, and friends a convenient and private space to connect personally and collaborate professionally. Unfortunately, hackers are taking advantage of both the number of users (e.g. targets) and the high level of trust placed in these spaces. 


How cybercriminals are infiltrating Discord and Slack 

Hackers are using links shared in Discord and Slack to install malware on users’ devices. These links appear to come from a trusted source, like a friend or colleague, but in fact are malicious and when clicked, install malware onto the user’s device. One way this malware is being used is to steal the Discord authentication token from your device. This allows the hacker to impersonate you on Discord, share more malicious links, and infect more devices. 


According to an interview with WIRED, Cisco Talos security research Nick Biasini says, "People are way more likely to do things like click a Discord link than they would have been in the past, because they’re used to seeing their friends and colleagues posting files to Discord and sending them a link. Everybody’s using collaboration apps, everybody has some familiarity with them, and bad guys have noticed that they can abuse them."


Cybercriminals are also using Discord as a way to remote-control infected devices and steal data. They do this by writing code with a “webhook” that allows them to automatically relay information from infected devices to their “command-and-control” server via a Discord channel. These messages between Discord and the hacker’s server are hard to track because Discord uses HTTPS to encrypt messages sent through its platform. 


The other primary method of infiltrating Discord and Slack is through their file hosting feature. Users can upload a file to Discord or Slack (such as a video or work document) and the platform creates an externally accessible link, allowing anyone to click and access that file. This feature allows hackers to create malicious links that they then either share on Discord or Slack. They can also share the links through a phishing email, which means you don’t even have to use a collaboration platform to be a target. 


The malware comes in many forms, from ransomware to cryptocurrency mining programs. The links used to deliver the malware may be what looks like a trustworthy link to a work document, news story, or, most commonly, a fake video game. The method of delivery, a form of social engineering that exploits our trust in people we know, underscores the importance of training your entire team in cybersecurity.  


What Slack and Discord are doing to improve security 

According to WIRED, Discord “proactively scans for malware in files that are hosted on its platform, takes down any hosted malware that's reported to it by users or security researchers, and seeks to identify groups of users who are abusing its tools for cybercriminal purposes.” 

Slack is also working to reduce the number of malware infections by blocking users from sharing .exe files via external links and by blocking suspicious files on Slack Connect. Both platforms are actively working to improve security and make it easier to scan for and identify malicious links. 


How to use Discord and Slack safely 

It’s unrealistic to simply abandon the use of collaboration platforms like Discord and Slack. Remote work for many companies is here to stay, and we need effective communication tools to stay connected. Besides, email has its own range of security issues and facing malware and other cybersecurity threats is just part of navigating a rapidly evolving digital landscape.  


When using collaboration platforms, it’s important to simply be aware of the threat and view all links with a healthy dose of skepticism. Don’t blindly trust a link just because it appears to come from someone you know. If a link feels out of place or unexpected (why is Fred from HR suddenly sending me video games on Discord?), don’t click it. You should be especially wary of links generated by Discord and Slack. (Remember that file hosting feature we mentioned?) Biasini from Cisco recommends never clicking one of those links, just to be safe.    


Feature photo by LinkedIn Sales Solutions on Unsplash


Related reading: 

5 Ways a Data Breach Can Cause Long-Term Damage to Your Business

How to Create a BYOD Policy for a Hybrid Workplace

8 Common Mistakes Made by Small Business Owners 


Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing



Want IT to serve you better?





About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at to schedule a complimentary IT consultation.

Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060


Contact us for a free IT consultation



Get in touch 

Join our newsletter

Want IT to serve you better? 




Follow Us

Facebook LinkedIn LinkedIn