CATEGORIES
home News

Slingshot Malware Hiding In Routers For Years Is Now Executing Cyber Espionage Attacks

by Paul LillyMonday, March 12, 2018, 09:57 AM EDT
Router

Security researchers at Kaspersky Lab have discovered a rather nasty malware strain that has been hiding in certain wireless routers for over half a decade. Called Slingshot, the security researchers who discovered the malicious code believe the malware is part of a sophisticated cyberespionage campaign.

The malware is present in certain routers manufactured by MicroTik, though Kaspersky says it might also be affecting models by other brands as well. Part of what makes Slingshot particularly dangerous is that it uses a trick to run in kernel mode. This is almost impossible do to in updated operating systems, though Slingshot manages the feat by searching computers for signed vulnerable drivers, and then uses them to run its own malicious code.

"What makes Slingshot really dangerous is the numerous tricks its actors use to avoid detection. It can even shut down its components when it detects signs that might indicate forensic research. Furthermore, Slingshot uses its own encrypted file system in an unused part of a hard drive," Kaspersky says.

When running in kernel mode, Slingshot can give attackers complete control of the system without any limitations whatsoever. And unlike the majority of malware that tries to run in kernel mode, Slingshot can execute without crashing the system or causing a blue screen error.

There is also a user module aspect to Slingshot. This is described as being even more sophisticated, as it contains nearly 1,500 user code functions.

According to Kaspersky, Slingshot primarily focuses on spying activities, such as collecting screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard contents, and more. And with full access to the kernel part of the system, attackers can essentially steal whatever they want, including credit card numbers, password hashes, social security account numbers, and anything else that is inputted and/or accessible.

Kaspersky has MicroTik aware of the malware and recommends that anyone using a MicroTik router to upgrade the firmware to the latest version as soon as possible. That advice is a good security practice regardless of your brand of router.
Tags:  Malware, security, routers, Slingshot
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment