Shutting Down SlackBITS After Impersonation-Based Malware Attack

A security-conscious IT administrator fell victim to a sophisticated social engineering attack on Slack, leading to the permanent shutdown of the TidBITS community’s public Slack group.

Key Points

  • An attacker impersonated author Glenn Fleishman on Slack to trick a user into installing the OSX.Odyssey infostealer malware.
  • The malware compromised the victim's system, exposing passwords, SSH keys, and API credentials before the device was remotely wiped.
  • Slack’s transition from unique usernames to non-unique display names allowed the attacker to easily mimic a trusted profile.
  • TidBITS is permanently closing its SlackBITS group due to the platform's lack of robust security controls for public, unvetted communities.
  • The organization is migrating its real-time communication to Discourse, which offers granular trust levels and superior administrative logging.

Why it Matters

This incident highlights the inherent security risks of using platforms designed for internal corporate collaboration as public-facing community forums. It serves as a reminder that even experienced IT professionals can be compromised by targeted impersonation, emphasizing the need for platforms with strict user verification and administrative oversight.
TidBITS Published by Adam Engst