Kaspersky uncovers malware attacking through routers

MikroTik's router management software, Winbox, downloads DLLs from the router's file system and loads them directly into a computer's memory, an intended feature that Slingshot's developers exploited by adding a malicious library called ipv4.dll, which in turn downloads the espionage tools.

Researchers at Kaspersky Lab have discovered a sophisticated advanced persistent threat (APT) that has been used for cyber espionage in the Middle East and Africa from at least 2012 until February this year.

Kaspersky Lab describes the cyber-espionage malware, dubbed Slingshot, as one of the most advanced it has seen; it stayed hidden for almost six years by spreading through routers.

Slingshot was characterised by Kaspersky Lab's researchers as a Trojan horse, in that the malicious code piggybacked on compromised MikroTik routers to reach its victims. So yeah, it's pretty damn smart.

Cyber espionage appears to be the main aim of Slingshot, with analysis suggesting it harvests screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more. Although only around 100 infected systems were found, Slingshot is sophisticated and nothing short of a "masterpiece", according to its discoverers.

It also loaded powerful malware modules such as Cahnadr and GollumApp, a kernel-mode module and a user-mode module that support each other to enable information gathering, persistence and data exfiltration. The researchers have not attributed the campaign, but we would tentatively speculate that the malware may have come from Western state actors and was used to snoop on nations known to be hotspots of conflict, insurgency or illicit activity.

The researchers haven't named Slingshot's country of origin but note the presence of debug messages written in flawless English, while various component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit.

"Accurate attribution is always hard, if not impossible to determine, and increasingly prone to manipulation and error", Kaspersky's researchers said, so that's worth bearing in mind.

Slingshot appeared to spread through routers made by the Latvian company MikroTik, although Kaspersky notes that other techniques, such as the exploitation of zero-day vulnerabilities, could also have helped spread the threat. Once on a machine, Slingshot attacks on two fronts: Cahnadr runs low-level kernel code that gives it control across the whole system, while GollumApp works at user level, managing the file system so that the malware survives. Kaspersky says it has passed all its findings to MikroTik, and that MikroTik's software no longer downloads anything from users' routers to their computers.
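The two paragraphs above (the Winbox lead and this one) describe the trust problem at the heart of the infection vector: the management client treats the router's file system as a source of executable code, so a compromised router can hand it an extra library. The following is an added example, not Winbox code or anything from Kaspersky's report, that models that behaviour and contrasts it with a client that only loads DLLs whose SHA-256 digest it already has pinned. The router directory, the DLL bytes and the allowlist are all constructed for the example; only the file name ipv4.dll comes from the article.

```python
"""Added example: a Winbox-style client that fetches DLLs from a router.

Scenario (from the article): the management client pulls DLLs from the
router's file system and loads them into memory, so a compromised router
can add a library and have the client run it. Everything below except the
name ipv4.dll is constructed for illustration; this is not Winbox code.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed "router file system": file name -> bytes the router serves.
ROUTER_FILES: Dict[str, bytes] = {
    "winbox.dll": b"MZ\x90\x00legit-management-ui",
    "netmap.dll": b"MZ\x90\x00legit-network-map",
}

# Pinned SHA-256 digests of the only DLLs the client may load. In a real
# client these would ship inside the signed installer, not be derived at
# run time; deriving them here just keeps the example self-contained.
ALLOWED_SHA256: Dict[str, str] = {
    name: hashlib.sha256(data).hexdigest() for name, data in ROUTER_FILES.items()
}


def compromise_router(files: Dict[str, bytes]) -> Dict[str, bytes]:
    """Simulate an implant adding ipv4.dll to the router's file system."""
    tampered = dict(files)
    tampered["ipv4.dll"] = b"MZ\x90\x00stage-that-fetches-espionage-tools"
    return tampered


def tamper_existing_dll(files: Dict[str, bytes]) -> Dict[str, bytes]:
    """Simulate an implant replacing a legitimate DLL in place."""
    tampered = dict(files)
    tampered["winbox.dll"] = b"MZ\x90\x00backdoored-management-ui"
    return tampered


def naive_loader(files: Dict[str, bytes]) -> List[str]:
    """Pre-fix behaviour: load every DLL the router serves, no questions asked."""
    return sorted(name for name in files if name.lower().endswith(".dll"))


def pinned_loader(
    files: Dict[str, bytes], allowed: Dict[str, str] = ALLOWED_SHA256
) -> Tuple[List[str], List[str]]:
    """Hardened behaviour: load only DLLs whose name and digest are pinned.

    Returns (loaded, rejected). Unknown names and modified bytes are both
    rejected, so neither an added ipv4.dll nor a swapped winbox.dll runs.
    """
    loaded: List[str] = []
    rejected: List[str] = []
    for name, data in files.items():
        if not name.lower().endswith(".dll"):
            continue
        digest = hashlib.sha256(data).hexdigest()
        if allowed.get(name) == digest:
            loaded.append(name)
        else:
            rejected.append(name)
    return sorted(loaded), sorted(rejected)


if __name__ == "__main__":
    served = compromise_router(ROUTER_FILES)
    print("naive client would load:", naive_loader(served))
    print("pinned client loads/rejects:", pinned_loader(served))
    print("after in-place tamper:", pinned_loader(tamper_existing_dll(ROUTER_FILES)))
```

Hash pinning is the simplest way to show the boundary, but it breaks legitimate updates unless the pins ship with each client release; a production client would verify a vendor signature over each file instead. Either way the lesson is the same one MikroTik drew: the router is not a trusted source of code for the workstation, and the strongest fix is to stop loading executables from it at all.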

One incredibly sophisticated thing the malware did to hide its existence was to store its files in an encrypted virtual file system located in an unused part of the hard drive. Its other evasion techniques include encrypting all strings in its modules, calling system services directly in order to bypass security product hooks, using a number of anti-debugging techniques, and selecting which process to inject into depending on which security solution processes are installed and running.

"Slingshot is very complex and the developers behind it have clearly spent a great deal of time and money on its creation", said Kaspersky. "Its infection vector is remarkable - and, to the best of our knowledge, unique", the researchers write in the report, released Friday. We doubt the average Joe has to worry about the malware, given that it looks to have been highly targeted.

© 2015 ExpressNewsline. All Rights reserved.