Slingshot malware attacking router-connected devices since 2012 without detection
Researchers from Kaspersky Lab have uncovered a malicious loader named Slingshot, which has been actively attacking victims through routers for the past six years without being detected.
Typically, the routers download and run many DLL (dynamic link library) files from the devices. The attackers used routers to add a malicious DLL to a package of otherwise legitimate DLLs. These malicious DLLs interact with the connected devices by targeting memory.
The vulnerabilities were uncovered in routers made by MikroTik. Users of MikroTik routers run the WinBox Loader software for router connectivity. When this software is run, the device connects to a remote server to download the Slingshot malware. Researchers say that this malware involves two modules called Cahnadr and GollumApp, which enable data theft.
Cahnadr is a kernel-mode module that gives the attacker complete, unrestricted control of the affected computer. It can execute malicious code on the system without causing a blue screen.
GollumApp is a user-mode module that contains around 1500 user-code functions. Using these modules, Slingshot can capture screenshots, keyboard data, network data, passwords, and desktop activity.
What makes Slingshot dangerous is the numerous tricks its actors use to avoid detection. It can even shut down its components when it detects signs that might indicate forensic research. Furthermore, Slingshot uses its own encrypted file system on an unused part of a hard drive, as noted by the Kaspersky researchers.
The researchers have also stated that Slingshot is a complex piece of malware and that the developers who created it may have spent a huge amount of time and money. “Its infection vector is remarkable – the best of our knowledge.”