Newly discovered malware targets routers

Instead, it resides on a router. The team at Kaspersky believes the activity started in at least 2012 and was still active at the time of analysis in February, six years later.

The researchers haven't named Slingshot's country of origin but note the presence of debug messages written in perfect English, while various component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit. And while the infected routers that have been identified will be fixed via software updates, there's no telling how many machines may have been affected. "Taken together, these clues suggest that the group behind Slingshot is likely to be highly organized and professional and probably state-sponsored".

Unlike other, less sophisticated pieces of malware, Slingshot is able to steal keystrokes, passwords, screenshots and nearly any information it wants from a user's system because of how well it was designed to avoid detection, which is also why it has existed on the web since 2012.

The researchers haven't discovered how Slingshot infects MikroTik routers to use the WinBox bridge to the PC; however, they note in a technical paper that WikiLeaks' Vault 7 leak of Central Intelligence Agency hacking tools did reference an exploit called ChimayRed for MikroTik's router OS.

According to Ars Technica, the sophistication of Slingshot rivals similarly advanced malware apps, including Regin, a backdoor that infected Belgian telco Belgacom and other targets for years, and Project Sauron, a separate malware that also remained hidden for years.

Over half the compromised computers were in Kenya and Yemen, with the remainder in Libya, Afghanistan, Iraq, Tanzania, Greece, Jordan, Mauritius, Somalia, Tunisia, Turkey, and the United Arab Emirates. The two modules are connected and able to support each other in information gathering, persistence and data exfiltration. Interestingly enough, the vast majority of these instances are individuals, not organizations or governments (though there are a few examples of the latter two). Kaspersky did not identify the malware's creators but said that debug messages were written in perfect English, suggesting the developers spoke that language.

Slingshot protects itself by storing all of its malware files within an encrypted virtual file system and by encrypting every text string used in its modules.

According to Kaspersky's FAQ on Slingshot, the GollumApp module features almost 1,500 functions. It even shut down certain components when forensic tools were in use on the device. "Its infection vector is remarkable - and, to the best of our knowledge, unique".
