A newly discovered backdoor named ‘Aclip’ abuses the Slack API for covert communications. Aclip uses the Slack API to send system information, files, and screenshots to the C2 and to receive commands in return. IBM researchers spotted the threat actors abusing this communication channel in March 2021 and responsibly disclosed it to Slack. Slack confirmed that it was not compromised in any way as part of this incident, and that no Slack customer data was exposed or at risk. IBM X-Force has discovered and is actively tracking a third party that is attempting to use targeted malware leveraging free workspaces in Slack.
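
One way to surface this kind of channel in telemetry, added here as an example and not taken from IBM's report or from Slack: flag Slack API calls made by processes other than the expected Slack clients. The log fields, host and process names, the allowlist, and the choice of Slack Web API methods are assumptions (the page does not say which methods Aclip calls), and URL paths are visible only where TLS is inspected or an endpoint agent records them.

```python
import json
from collections import defaultdict

# Constructed sample events, one JSON object per line (field names are assumptions).
SAMPLE_EVENTS = """\
{"host": "ws-014", "process": "slack.exe", "dest": "slack.com", "path": "/api/chat.postMessage", "bytes_out": 812}
{"host": "ws-014", "process": "chrome.exe", "dest": "app.slack.com", "path": "/api/conversations.history", "bytes_out": 640}
{"host": "ws-022", "process": "powershell.exe", "dest": "slack.com", "path": "/api/conversations.history", "bytes_out": 590}
{"host": "ws-022", "process": "powershell.exe", "dest": "slack.com", "path": "/api/files.upload", "bytes_out": 2481337}
{"host": "ws-022", "process": "powershell.exe", "dest": "example.org", "path": "/index.html", "bytes_out": 300}
{"host": "ws-031", "process": "python.exe", "dest": "slack.com", "path": "/api/chat.postMessage", "bytes_out": 420}
"""

# Processes expected to talk to Slack in this hypothetical environment.
EXPECTED_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Slack Web API methods grouped by direction of data flow (sample selection).
OUTBOUND = {"files.upload", "chat.postMessage"}
INBOUND = {"conversations.history"}

def is_slack_api(event):
    """True for requests to slack.com (or a subdomain) under the /api/ path."""
    dest = event["dest"].lower()
    return (dest == "slack.com" or dest.endswith(".slack.com")) and event["path"].startswith("/api/")

def find_unexpected_slack_clients(lines):
    """Return {(host, process): summary} for Slack API calls from unexpected processes."""
    findings = defaultdict(lambda: {"methods": set(), "bytes_out": 0})
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_slack_api(event) or event["process"].lower() in EXPECTED_CLIENTS:
            continue
        entry = findings[(event["host"], event["process"].lower())]
        entry["methods"].add(event["path"][len("/api/"):].split("?")[0])
        entry["bytes_out"] += event["bytes_out"]
    for entry in findings.values():
        # Reads plus writes from one process look like a two-way channel,
        # unlike a one-way notifier script that only posts messages.
        two_way = entry["methods"] & OUTBOUND and entry["methods"] & INBOUND
        entry["severity"] = "high" if two_way else "review"
    return dict(findings)

if __name__ == "__main__":
    for (host, proc), info in sorted(find_unexpected_slack_clients(SAMPLE_EVENTS).items()):
        print(host, proc, info["severity"], sorted(info["methods"]), info["bytes_out"])
```

Legitimate bots and integrations also call the Slack API, so the allowlist needs tuning per environment before the "review" tier is useful.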

