Slingshot malware attacks PCs through routers

Sophisticated malware attacks through routers

Dubbed Slingshot, the malware has a modular architecture and is on par with state-sponsored attack platforms including Project Sauron and Regin as far as sophistication goes, according to researchers from Kaspersky Lab.

Security researchers have discovered a new malware framework that is used for cyberespionage and is delivered to computers through hacked MikroTik routers. According to the researchers, many of the techniques used by this threat actor are unique, and it is extremely effective at stealthy information gathering, hiding its traffic in marked data packets that it can intercept without trace from everyday communications. A detection was triggered that turned out to be an infected computer with a suspicious file named scesrv.dll inside the system folder; placing malicious code under that name allows it to be loaded with system privileges by the operating system while evading detection. The researchers realised that a highly advanced intruder had found its way into the very core of the computer.
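The file named in the report is also a legitimate Windows system DLL, so the practical defender question is whether the copy on disk is still the Microsoft-signed one. The following triage check is an added example, not code from the article or from Kaspersky; it assumes it is run with administrator rights on the Windows host being checked, and the candidate paths are the usual locations of scesrv.dll rather than anything the article specifies.

```powershell
# Added example: triage the on-disk scesrv.dll mentioned in the Slingshot report.
# Assumption: run as administrator on the host being examined.
$candidates = @(
    (Join-Path $env:SystemRoot 'System32\scesrv.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\scesrv.dll')
)

function Test-ScesrvIntegrity {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }

        # Windows system DLLs are normally catalog-signed by Microsoft;
        # Get-AuthenticodeSignature resolves catalog signatures on modern Windows.
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

        # Anything other than a valid Microsoft signature is a flag for closer
        # inspection (compare the hash against a known-good build), not proof of infection.
        $suspicious = ($sig.Status -ne 'Valid') -or ($signer -notmatch 'O=Microsoft Corporation')

        [pscustomobject]@{
            Path       = $p
            SigStatus  = $sig.Status
            Signer     = $signer
            SHA256     = $hash
            LastWrite  = (Get-Item -LiteralPath $p).LastWriteTimeUtc
            Suspicious = $suspicious
        }
    }
}

Test-ScesrvIntegrity -Paths $candidates | Format-List
```

The SHA256 and LastWrite fields are there so the result can be compared against a clean reference host of the same Windows build; the script itself carries no known-good hash.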

Unsurprisingly, Slingshot looks like it was used for espionage purposes, though no specifics have surfaced yet.

The malware is present in certain routers manufactured by MikroTik, though Kaspersky says it might also be affecting models by other brands.

The exact attack vector is not clear, but Slingshot replaced MikroTik software called Winbox with a compromised, almost identical version.

"Among the malware Slingshot used were two masterpieces: a kernel mode module called Cahnadr and GollumApp, a user mode module".

The two modules, according to researchers, are connected and able to support each other in information gathering, persistence and data exfiltration.


Slingshot's main objective seems to be cyberespionage.

Unlike other, less sophisticated pieces of malware, Slingshot is able to steal keystrokes, passwords, screenshots and nearly any other information it wants from a user's system. It was built to avoid detection so well that it has existed on the web since 2012. Running in kernel mode, Cahnadr gives attackers complete control, without any limitations, over the infected computer.

"Slingshot is very complex, and the developers behind it have clearly spent a great deal of time and money on its creation", company researchers wrote. Text clues in the code suggest its developers are English-speaking.

"Accurate attribution is always hard, if not impossible to determine, and increasingly prone to manipulation and error", Kaspersky's researchers said, so that's worth bearing in mind. Kenya and Yemen account for most of the victims observed so far. The second module, GollumApp, is even more sophisticated. The malware has been around for six years, Kaspersky claims, but has only infected around 100 devices worldwide.

All Kaspersky Lab products successfully detect and block this threat. If you're running a MikroTik router and haven't updated the firmware in the last, well, six years, you should download the appropriate package from its website.

Use a proven corporate grade security solution in combination with anti-targeted attack technologies and threat intelligence, like Kaspersky Threat Management and Defense solution (https://goo.gl/ea1ZqV).
