
Hidden For 6 Years, 'Slingshot' Malware Hacks Your PC Through Your Router

The researchers don't know precisely how Slingshot infected all of its targets, but in some cases the malware was planted on MikroTik routers that the Slingshot operators had already compromised. Analysis of one file showed that, despite appearing legitimate, the scesrv.dll module had malicious code embedded in it. scesrv.dll is a Windows system library loaded by services.exe, a process that runs with SYSTEM privileges, which is how the researchers realised that a highly advanced intruder had found its way into the very core of the computer.

According to the report, the attack replaces a legitimate library file with a malicious version, and that version in turn downloads the other malicious components.
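An added example for the trojanised-system-DLL scenario described above; it is not code from the article or from Kaspersky Lab. It hashes a DLL image against a baseline taken from a known-good machine and parses the PE header to report whether an Authenticode certificate table is present. The baseline, the `make_minimal_pe` fixture and the `assess_dll` helper are this example's own constructions. Presence of a certificate table is not verification: a patched file keeps its blob while the signature no longer validates, so a real investigation follows this with PowerShell's `Get-AuthenticodeSignature` to check the chain.

```python
import hashlib
import struct


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def authenticode_directory(pe: bytes) -> tuple:
    """Return (file_offset, size) of the Certificate Table, data directory
    index 4 of the PE optional header. Raises ValueError on a non-PE file."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                # COFF file header is 20 bytes
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                     # PE32
        n_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:                   # PE32+
        n_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (n_dirs,) = struct.unpack_from("<I", pe, n_off)
    if n_dirs <= 4:
        return (0, 0)
    return struct.unpack_from("<II", pe, dir_off + 4 * 8)


def assess_dll(pe: bytes, baseline_sha256: str) -> dict:
    """Compare a DLL image against its known-good hash and report whether it
    carries a certificate table at all (presence only, not validation)."""
    digest = sha256_hex(pe)
    _, cert_size = authenticode_directory(pe)
    return {
        "sha256": digest,
        "matches_baseline": digest == baseline_sha256,
        "has_authenticode_blob": cert_size > 0,
        "verdict": "ok" if digest == baseline_sha256 else "MODIFIED",
    }


def make_minimal_pe(cert_size: int, payload: bytes = b"") -> bytes:
    """Constructed fixture: a minimal PE32+ header (not a loadable DLL) with a
    certificate-table entry of the given size, followed by arbitrary bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)  # x64, DLL
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 4 * 8, 0, cert_size)   # Certificate Table
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


# Constructed sample: a "clean" image whose hash becomes the baseline, and a
# copy with bytes appended, standing in for a trojanised system DLL. Its
# certificate-table entry is untouched, so only the hash check catches it.
CLEAN_DLL = make_minimal_pe(cert_size=0x1800, payload=b"legitimate code")
BASELINE_SHA256 = sha256_hex(CLEAN_DLL)
PATCHED_DLL = make_minimal_pe(cert_size=0x1800, payload=b"legitimate code" + b"\xcc" * 32)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_DLL), ("patched", PATCHED_DLL)):
        print(name, assess_dll(image, BASELINE_SHA256))
```

In practice the baseline comes from the same Windows build on a machine you trust, never from the suspect host; the patched fixture above still reports a certificate blob, which is exactly why the hash comparison, not the blob, decides the verdict.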

Once a router is infected, the malware loads a couple of "huge and powerful" modules onto the target's computer. How the routers were compromised in the first place remains unknown.

Kaspersky Lab said Slingshot uses two "masterpieces": a kernel-mode module named Cahnadr and a user-mode module named GollumApp. The two support each other to gather data and then send it out to the attacker.

Slingshot's main objective seems to be cyberespionage.

Because it runs in kernel mode, Slingshot can give attackers complete control of the system without any limitations whatsoever. It can collect screenshots, keystrokes, network data, passwords, other desktop activity, the clipboard and a lot more.

One incredibly sophisticated thing the malware did to hide its existence was to use an encrypted virtual file system located in an unused part of the hard drive. Slingshot then establishes an encrypted communication channel to its command-and-control (C&C) server and transmits the collected data over it for exfiltration.
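An added example, not code from the article or from Kaspersky Lab, of the forensic check that the hidden-storage trick above calls for: a block-entropy scan of a disk image that reports runs of high-entropy data lying outside every allocated partition. Encrypted containers look like uniformly random bytes, so they stand out against wiped or zero-filled unallocated space. The 256 KiB image, the partition layout in `ALLOCATED` and the threshold of 7.8 bits per byte are this example's own constructed assumptions; on a real disk the allocated ranges come from the partition table.

```python
import math
import random
from collections import Counter

BLOCK = 4096  # scan granularity in bytes; one NTFS cluster on most volumes


def shannon_entropy(chunk: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def scan_unallocated(image: bytes, allocated, threshold=7.8, min_blocks=4):
    """Return [(start, end)] byte ranges that lie outside every (start, end)
    range in `allocated` and consist of at least `min_blocks` consecutive
    blocks with entropy >= threshold. Encrypted or compressed data sits near
    8.0; wiped space and most file system metadata sit far below."""
    def is_allocated(off):
        return any(s <= off < e for s, e in allocated)

    hits, run_start, run_len = [], None, 0
    for off in range(0, len(image), BLOCK):
        hot = (not is_allocated(off)
               and shannon_entropy(image[off:off + BLOCK]) >= threshold)
        if hot:
            run_start = off if run_start is None else run_start
            run_len += 1
            continue
        if run_start is not None and run_len >= min_blocks:
            hits.append((run_start, off))
        run_start, run_len = None, 0
    if run_start is not None and run_len >= min_blocks:
        hits.append((run_start, len(image)))
    return hits


def build_sample_image() -> bytes:
    """Constructed 256 KiB disk image: blocks 0-15 belong to a partition and
    the rest is unallocated. Blocks 32-39 hold random-looking data (stand-in
    for an encrypted container), block 5 is random but inside the partition,
    and block 50 is a lone random block that should be treated as noise."""
    rng = random.Random(2024)
    blocks = []
    for i in range(64):
        if i == 5 or 32 <= i < 40 or i == 50:
            blocks.append(rng.randbytes(BLOCK))
        elif i < 16:
            blocks.append((b"partition data " * 300)[:BLOCK])
        else:
            blocks.append(bytes(BLOCK))
    return b"".join(blocks)


ALLOCATED = [(0, 16 * BLOCK)]  # constructed: one partition covering blocks 0-15

if __name__ == "__main__":
    for start, end in scan_unallocated(build_sample_image(), ALLOCATED):
        print("high-entropy unallocated run: 0x%x-0x%x (%d KiB)"
              % (start, end, (end - start) // 1024))
```

The `min_blocks` filter is what keeps stray sectors of old compressed files from drowning the result; a container the size of the one described here shows up as one contiguous run, and the reported offsets are where you point `dd` or a hex viewer next.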

"The development time, skill and cost involved in creating Slingshot's complex toolset is likely to have been extremely high".

The researchers haven't named Slingshot's country of origin, but note the presence of debug messages written in flawless English, while component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit. Text clues in the code suggest the authors are English speakers.

Slingshot's origin hasn't been confirmed, but it is speculated to be state-sponsored, since it is built for a specific, likely politically motivated goal rather than to harm everyday users.

Infected machines cropped up in countries including Libya, Afghanistan, Jordan, the Congo, Sudan and Somalia, and on the whole the targets were individuals. However, accurate attribution is always hard, if not impossible, and increasingly prone to manipulation and error.

Adding that Slingshot may be the work of a state-sponsored actor, the company said: "Most of the victims appear to be targeted individuals rather than organizations, but there are some government organizations and institutions". Kenya and Yemen account for most of the victims observed so far.

Researchers have uncovered new malware that has apparently been used to spy on victims in the Middle East and Africa for six years undetected. Of the GollumApp module, the report says: "This contains almost 1,500 user-code functions and provides most of the above described routines for persistence, file system control and C&C communications".

The researchers note that owners of a MikroTik router who use the WinBox management software should update WinBox to the latest version and also update the router's operating system to the latest release. Kaspersky says it has given MikroTik all of its findings, and that MikroTik's software no longer downloads anything from the user's router to their computer.

If you spot early indicators of a targeted attack, consider managed protection services that let you proactively detect advanced threats, reduce dwell time and arrange a timely incident response.
