
Newly discovered malware targets routers


The malware has been around for six years, Kaspersky claims, but has only infected around 100 devices worldwide.

The so-called Slingshot malware was first spotted by researchers at Kaspersky Lab.

"Since this library is loaded by 'services.exe', a process that has system privileges, the poisoned library gained the same rights."

Here's what Kaspersky Lab discovered, in an exhaustive 25-page research paper (and a much more digestible FAQ): Slingshot is a piece of malware that can compromise any device on a network, down to the deepest kernel levels. "Taken together, these clues suggest that the group behind Slingshot is likely to be highly organized and professional and probably state-sponsored".

"The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor", the researchers write.

Slingshot worms its way onto a machine by replacing a legitimate Windows dynamic link library (DLL) with a malicious version. So yeah, it's pretty damn smart.

Two areas which Kaspersky believes to be particularly advanced are a kernel mode module called Cahnadr and GollumApp, a user mode module.

According to Kaspersky, the analysis suggests it collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more, although its kernel access means it can steal whatever it wants. Considering Slingshot has access to sensitive data, it's not worth brushing off if there's a possibility the system you're using could be infected.

The majority of compromised computers were located in Kenya and Yemen, but the researchers detected infected systems in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.

Use a proven corporate-grade security solution in combination with anti-targeted attack technologies and threat intelligence, like Kaspersky Threat Management and Defense solution (https://goo.gl/ea1ZqV). However, we would tenuously speculate that the malware may have come from Western state-actors and was used to snoop on nations known to be hotspots of conflict, insurgency, or illicit activity. But text within Slingshot's code is written in flawless English, with apparent references to J. Coincidence? We're not so sure. However, accurate attribution is always hard, if not impossible, to determine, and increasingly prone to manipulation and error.

The malware is present in certain routers manufactured by MikroTik, though Kaspersky says it might also be affecting models by other brands.

It then launches an attack on the target PCs.

MikroTik does sell a handful of routers in the USA, but even if you're one of the twelve or so people who own one, there's no evidence that Slingshot has targeted any systems in the West.

"Slingshot is very complex and the developers behind it have clearly spent a great deal of time and money on its creation. Its infection vector is remarkable - and, to the best of our knowledge, unique", the researchers noted and explained that as of February 2018 Slingshot still appears to be active.


