New malware attack, Slingshot, has been living in people's routers for six years
Slingshot is creating a wave of confusion and awe all at once.
Researchers at Kaspersky Lab have stumbled onto a malware strain that could potentially be the next attack that cripples devices around the world. The new code, nicknamed Slingshot, spies on the infected PC through a multi-layer attack that targets MikroTik routers.
Slingshot starts off by replacing the device’s library file with a fake version that downloads numerous malicious files. Next, the virus launches a two-pronged attack on the devices. The two attacks, Cahnadr and GollumApp, work together to infiltrate and steal almost anything on your device.
These two pieces of code are impressive in their own right. Running hostile kernel code without crashing or freezing is impressive. The fact that they can also store the malware files in an encrypted virtual file vault makes it all the more worrisome. Slingshot shuts components down when it suspects that forensic and diagnostic tools are in use. This defensive tactic is typical of most malware, but Slingshot has run undetected since 2012.
The sophisticated software has led Kaspersky to believe that the virus is the creation of a state agency. In fact, Slingshot directly rivals the Regin malware that was used to spy on Belgian carrier Belgacom. The code is written in English, but that doesn’t point the finger at anyone. There is no clear indication of where Slingshot came from.
Users worried about Slingshot should know that MikroTik is pushing firmware updates as soon as they are ready. Even though Slingshot is currently confined to MikroTik routers, there is always a possibility of it reaching other devices and providers. Make sure to keep your devices safe and clean by running virus protection and a firewall at all times.