Researchers at Kaspersky Lab have uncovered a piece of malware, dubbed Slingshot, that has been able to hide for around six years. While the exact number is not known, the malware has infected around 100 users in different countries located in Africa and the Middle East.

Slingshot is believed to have been active from 2012 through February 2018. It’s a highly sophisticated cyber espionage tool that matches the known platforms Project Sauron and Regin in complexity.

One of the ways it can infect Windows machines is through MikroTik routers and their management software, called Winbox Loader. The researchers also raise the possibility of victims getting infected through a Windows exploit.

Slingshot first infects the router and then loads two powerful modules called Cahnadr (kernel-mode module) and GollumApp (user-mode module) on the victim’s computer. After that, the cyber-espionage tool can collect various information including USB connections, keyboard, clipboard data, network data, screenshots, passwords, etc.

Potentially, with kernel-mode access, the attacker(s) behind Slingshot can take complete control of the victim’s computer. “There are no restrictions, no limitations, and no protection for the user (or none that the malware can’t easily bypass),” the researchers wrote.

According to the researchers, the development of Slingshot might have involved high cost and considerable skill, considering how advanced and powerful it is. Slingshot’s code suggests that its developers speak English, and it’s believed that an organized, state-sponsored hacker group is behind the malware.

Slingshot has an encrypted file system of its own. It can disable the disk defragmentation feature in Windows OS to prevent the relocation of the data stored by Slingshot on the hard drive.

MikroTik has been provided with the limited information the researchers currently have regarding the malware. Affected users are advised to update their router firmware to the latest version. It is possible that Slingshot has also infected users with other routers.

Read about Slingshot in detail in the researchers’ blog post.

Aditya Tiwari
When he is not writing for Fossbytes, he is busy eating his daily cheat meal and finding content to binge watch. Please feel free to suggest him some good stuff on Netflix. Reach out at [email protected]
