Hidden For 6 Years, 'Slingshot' Malware Hacks Your PC Through Your Router

14 March, 2018, 04:50 | Author: Sammy Rose

Security researchers at Kaspersky Lab discovered malware, nicknamed Slingshot, that targets MikroTik routers and uses a multi-layer attack to spy on users' PCs. According to Kaspersky's researchers, it is so advanced that it was likely a state-sponsored development.

The main objective of this malware does seem to be counter-espionage (Kaspersky notes patterns consistent with other such examples), but because it operates in the kernel there are no limitations on the information it can collect. Credit card numbers, password hashes and identification codes (such as social security numbers) are just a few examples; essentially any dataset is within reach.

"The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform".

The malware has been christened Slingshot. It replaces the user's legitimate scesrv.dll file in the Windows system libraries with a malicious one. During these attacks, the group behind Slingshot appears to compromise the routers and place a malicious dynamic link library inside them that acts as a downloader for other malicious components.

It can bypass security measures, such as Driver Signature Enforcement, by loading signed vulnerable drivers and running its own code through those security holes.

Slingshot's components include a kernel-mode module called Cahnadr and a user-mode module called GollumApp.

Kaspersky researchers found it can capture screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, and clipboard data.
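The scesrv.dll replacement described above is something a defender can check for on a Windows host. The following PowerShell is an added example, not code from Kaspersky or from the original article; the function name `Test-SystemDllSignature` and its verdict rules are assumptions made for illustration.

```powershell
# Added example: integrity check for the system DLL the article says Slingshot replaces.
# Test-SystemDllSignature is a hypothetical helper name, not part of any product.
function Test-SystemDllSignature {
    [CmdletBinding()]
    param(
        # Default target is the file named in the article; other paths can be passed in.
        [string[]]$Path = @(Join-Path $env:SystemRoot 'System32\scesrv.dll')
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Verdict = 'Missing'; Status = $null; Signer = $null; SHA256 = $null }
            continue
        }

        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $hash   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Assumed verdict rules: a genuine copy validates and is signed by Microsoft.
        # A modified or swapped file fails validation or carries a different signer.
        $verdict = if ($sig.Status -ne 'Valid') {
            'Suspicious: signature not valid'
        } elseif ($signer -notmatch 'O=Microsoft Corporation') {
            'Suspicious: unexpected signer'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Path    = $p
            Verdict = $verdict
            Status  = $sig.Status
            Signer  = $signer
            SHA256  = $hash   # record for comparison against a known-good copy of the same build
        }
    }
}

Test-SystemDllSignature | Format-List
```

Older PowerShell versions may not evaluate catalog signatures and can report genuine system files as NotSigned, so confirm a non-OK verdict by comparing the SHA256 against a known-good copy from the same Windows build. Because Slingshot also runs in kernel mode, a clean result from the live system is weaker evidence than the same check run against the disk offline.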

Over half the compromised computers were in Kenya and Yemen, with the remainder in Libya, Afghanistan, Iraq, Tanzania, Greece, Jordan, Mauritius, Somalia, Tunisia, Turkey, and United Arab Emirates.

Kaspersky didn't speculate as to why machines in these nations were targeted.

That's likely why a nation-state is behind the attack. However, the researchers did discover debug messages within the code that were written in flawless English. Coincidence? We're not so sure. Text clues in the code suggest the group behind it is English-speaking; however, accurate attribution is always hard, if not impossible, and increasingly prone to manipulation and error. It's called Slingshot and it was recently discovered by Kaspersky Lab.

After a router is infected, the malware loads a couple of "huge and powerful" modules onto the target's computer. Despite being in the wild since 2012, and still being in operation during the last month, Slingshot has, until now, avoided detection. For example, it was able to hide by using an encrypted virtual file system that was cloaked in an unused part of a hard drive. Slingshot is also capable of accessing data on an infected machine's hard drive or in internal memory because it runs at the operating system's kernel level.

"Slingshot is very complex, and the developers behind it have clearly spent a great deal of time and money on its creation", company researchers wrote. "Its infection vector is remarkable - and, to the best of our knowledge, unique", the researchers noted and explained that as of February 2018 Slingshot still appears to be active. And while the infected routers that have been identified will be fixed via software updates, there's no telling how many machines may have been affected.

"The malicious samples investigated by the researchers were marked as 'version 6.x', which suggests the threat has existed for a considerable length of time", the team said in a blog post.
