Security researchers from eSentire have uncovered a new attack technique dubbed the “Wiki-Slack attack,” which can be used to redirect business professionals to malicious websites. In this attack, threat actors select a Wikipedia topic likely to pique the interest of potential victims, then edit the Wikipedia page to add a legitimate referenced footnote.
Furthermore, manipulating Slack’s rendering of the shared Wikipedia article through minor grammatical changes creates hidden malicious links. When business professionals paste these articles into Slack channels, the malicious link is activated, potentially leading to browser-based malware infections. To execute this attack, three conditions must be met, involving the structure and content of the Wikipedia article.
Additionally, eSentire researchers emphasized that the footnote itself is not inherently malicious, but under specific conditions, Slack renders a hidden link that isn’t visible in the original Wikipedia page. The attackers behind the Wiki-Slack attack manipulate these conditions to entice Slack users into clicking the malicious link, which takes them to an attacker-controlled website housing browser-based malware.
At the same time, the researchers discovered over 1,000 instances of this unintended artifact. Attackers can exploit Wikipedia statistics to select pages with high traffic volume, making this technique a numbers game that can be rapidly scaled using ChatGPT or similar Large Language Models (LLMs).
Organizations are urged to remain vigilant against browser-based attacks that could result in malware infections. Implementing endpoint monitoring and reinforcing cybersecurity processes can help limit exposure to these types of threats.