An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the contents of those documents, altering information or injecting malware. The vulnerability carries a medium-level CVSSv2 rating of 5.5. Fortunately, the latest update for Slack Desktop Application for Windows v3.3.7 for Windows has 10 million active daily users.
Source: https://threatpost.com/slack-remote-file-hijacking-malware/144871/