
Submission: 'Slingshot' Malware That Hid For Six Years Spread Through Routers

An anonymous reader writes: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 — no one knew it was there.