A fake Slack download is giving attackers a hidden desktop on your machine
ID: 716ceb59-5a4a-5afb-8078-b7d8dcfdf6d3
STIX ID: report--716ceb59-5a4a-5afb-8078-b7d8dcfdf6d3
Feed Name: Malwarebytes Blog
This report details a typosquatting campaign that delivers a trojanized Slack installer. The installer simultaneously installs a legitimate Slack client and a covert loader, which contacts the C2 server (94.232.46.16:8081) to download an HVNC payload and inject it into explorer.exe, enabling hidden remote desktop sessions. IOCs include two SHA-256 file hashes, the domains slacks.pro and debtclean-ua.sbs, and the C2 IP and port.
