Malware Dubbed Slingshot Targets Its Victims Through Routers

Researchers have discovered malware that has existed within routers for the past six years without detection. It has infected at least 100 computers worldwide. The malware goes by the name "Slingshot", a name found in recovered code samples. Kaspersky Lab published a report saying that the malware can perform advanced attacks.

The complexity of the malware follows a pattern similar to the attack that affected Belgian Telecom systems. Kaspersky said:

“The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform,” Kaspersky Lab researchers wrote in a 25-page report published Friday. “The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor.”

The researchers said that Slingshot uses various methods to spread, including zero-day vulnerabilities, and has been active since at least 2012. The malware remained operational throughout a six-year period. It hides itself in an encrypted virtual file system located in unused parts of the hard drive, which isolates it from the regular file system.

When an administrator logs in to configure the router, the router’s management software downloads and runs the malicious module on the administrator’s computer. The method used to hack the routers in the first place remains unknown, according to Kaspersky’s statement on Slingshot.

After infecting the router, Slingshot downloads an array of additional malware modules onto the device, including two particularly sophisticated ones called Cahnadr and GollumApp, which are linked and can support each other in gathering information.

Kaspersky has published an infographic showing the attack geography of the malware.

Source: ThreatPost, ArsTechnica