Router-based espionage malware discovered


Researchers at Kaspersky Lab have discovered a kind of stealthy malware that has been used to carry out cyber espionage without being detected for the last six years.

Computer Weekly has pointed out that the Slingshot malware, aimed at the Middle East and Africa regions, presents “yet another way that cyber criminals can target businesses”.

Kaspersky Lab said the attackers targeted a number of victims through compromised routers manufactured by MikroTik. The researchers explained that the routers’ Winbox management software downloads various dynamic-link library (DLL) files from the router and runs them on the administrator’s Windows computer; the attackers compromised devices by adding a malicious DLL to an otherwise legitimate package of these files.

This bad DLL was “a downloader for various malicious files, which were also stored in the router”, according to Kaspersky Lab.
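The weakness described above is a loader that runs whatever DLLs the router serves. As an added example (not code from the original article, Kaspersky Lab or MikroTik), the following Python shows the check such a loader would need: every file in the downloaded package is verified against a manifest of expected names and SHA-256 hashes that the client already holds, and anything extra, altered or not even a PE DLL is refused. The package contents, file names and manifest are constructed here for illustration; `make_minimal_dll` builds only the headers the check inspects, not a loadable image.

```python
import hashlib
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a PE image as a DLL


def make_minimal_dll(payload: bytes, is_dll: bool = True) -> bytes:
    """Constructed test data: the smallest byte string that passes is_pe_dll().

    A real DLL is a full PE image; this carries just a DOS stub with e_lfanew,
    the "PE\\0\\0" signature and a COFF header, followed by an arbitrary payload.
    """
    characteristics = 0x0022 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C -> PE at 0x40
    return dos_header + b"PE\0\0" + coff + payload


def is_pe_dll(data: bytes) -> bool:
    """Return True if data has a PE header whose Characteristics include IMAGE_FILE_DLL."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # PE signature (4 bytes) + COFF header (20 bytes) must fit; Characteristics is at COFF+18
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return bool(characteristics & IMAGE_FILE_DLL)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(package: dict) -> dict:
    """Name -> SHA-256 of a known-good package. In practice this is pinned in the
    client (or signed by the vendor), never fetched from the router being managed."""
    return {name: sha256_hex(data) for name, data in package.items()}


def vet_package(package: dict, manifest: dict) -> dict:
    """Decide which downloaded files may be loaded.

    Rejects files absent from the manifest (an added DLL), files that are not PE
    DLLs, and files whose hash differs from the manifest (a patched DLL). Also
    reports manifest entries missing from the download.
    """
    decision = {"load": [], "reject": []}
    for name, data in package.items():
        if name not in manifest:
            decision["reject"].append((name, "not in manifest"))
        elif not is_pe_dll(data):
            decision["reject"].append((name, "not a PE DLL"))
        elif sha256_hex(data) != manifest[name]:
            decision["reject"].append((name, "hash mismatch"))
        else:
            decision["load"].append(name)
    for name in manifest:
        if name not in package:
            decision["reject"].append((name, "missing from package"))
    return decision


# Constructed sample data: a two-file "legitimate" package and a tampered copy
# with one DLL added and one DLL modified. File names are hypothetical.
LEGIT_PACKAGE = {
    "module_a.dll": make_minimal_dll(b"legit-a"),
    "module_b.dll": make_minimal_dll(b"legit-b"),
}
MANIFEST = build_manifest(LEGIT_PACKAGE)

TAMPERED_PACKAGE = dict(LEGIT_PACKAGE)
TAMPERED_PACKAGE["extra.dll"] = make_minimal_dll(b"downloader")          # added file
TAMPERED_PACKAGE["module_b.dll"] = make_minimal_dll(b"legit-b-patched")  # altered file


if __name__ == "__main__":
    print("clean package:", vet_package(LEGIT_PACKAGE, MANIFEST))
    print("tampered package:", vet_package(TAMPERED_PACKAGE, MANIFEST))
```

The check only helps if the manifest comes from somewhere the attacker does not control; a hash list served by the same compromised router would simply be updated alongside the added DLL. Pinning it in the client binary or verifying a vendor signature over it keeps the trust anchor on the administrator's side.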

In addition, Slingshot can run malware in kernel mode, which gives it complete control over victims’ devices. Although loading unsigned code into the kernel is almost impossible on an up-to-date operating system, the researchers said, the malware searches the computer for signed but vulnerable drivers and exploits them to run its own code.

Analysis has so far suggested it collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more. However, its kernel access means it can steal whatever the attacker wants, the researchers warned.

Alexey Shulmin, lead malware analyst at Kaspersky Lab, said: “Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators. The functionality is very precious and profitable for the attackers, which could explain why it has been around for at least six years.”

His firm advised users of MikroTik routers to upgrade to the latest software version as soon as possible to ensure protection against known vulnerabilities. He also recommended that businesses use a “proven corporate grade security solution” combined with anti-targeted attack technologies and threat intelligence.