Researchers said the email message contained a malicious PPSX file attachment meant to attack subscribers of the CTA mailing list. “Given the nature of this malware and the targets involved, it is likely designed for espionage purposes rather than financial gain,” researchers Warren Mercer, Paul Rascagneres and Jaeson Schultz said in a Monday analysis. Researchers with Cisco Talos recently discovered emails spamming subscribers on the CTA’s mailing list. Researchers told Threatpost that they had no further information for now regarding the bad actor behind this campaign. ExileRAT is capable of siphoning information on the system (computer name, username, listing drives, network adapter, process name), pushing files and executing or terminating processes. In more and more offices, Slack and similar apps have become the conduit for all communication: people use the app to talk to each other individually or in groups, via text or video chat, to share files and links.
Even if your office hasn’t yet deployed any of these more overt forms of surveillance, it may already have the framework in place to flick a switch and begin inspecting your minute-to-minute choices, through software you use throughout every day. This hub was answering a request and usually I do not avoid people on the instant messenger, but there are a couple who send non-stop messages even if I say I am busy. For those willing, there are actually a whole host of apps that offer compensation in exchange for collecting your personal data, some of which have been helpfully aggregated on the r/BeerMoney forum. Slack also allows members to plug in all manner of software, including calendars, Google Docs, or project management apps. By requiring apps to hide participants, it would undermine authentication mechanisms, introducing new potential vulnerabilities and eroding user trust in the service. Just like with data use, you can’t hide battery drainage except by recharging the phone.