A malware, dubbed as Slingshot was discovered by the Kaspersky Lab security researchers, which hid in routers for more than six years.
The malware is too powerful and sofisticated, it attacks and infects users systems through compromising MicroTik routers and are run in kernel mode, which give them complete control over victims’ devices.
The researchers don’t know how many devices may have been infected. The attackers installed the malicious app inside MikroTik routers that Slingshot operators got access to.
“The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor,” the researchers noted in their report.
According to the researchers, they found the Slingshot operation after a suspicious keylogger program was detected, to see if that code appeared anywhere else, the reseachers created a behavioral detection signature.
With this, the experts were able to discover a suspicious file inside a system folder named scesrv.dll, and analysis of the file showed that the scesrv.dll module had malicious code embedded into it.
In further investigation it was revealed that victims had been infected through routers that had been compromised through a malicious dynamic link library.
Slingshot’s main purpose is to collect screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more. And by accessing kernel they can steal whatever they want, the researchers said.
The malware is too powerful and sofisticated, it attacks and infects users systems through compromising MicroTik routers and are run in kernel mode, which give them complete control over victims’ devices.
The researchers don’t know how many devices may have been infected. The attackers installed the malicious app inside MikroTik routers that Slingshot operators got access to.
“The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor,” the researchers noted in their report.
According to the researchers, they found the Slingshot operation after a suspicious keylogger program was detected, to see if that code appeared anywhere else, the reseachers created a behavioral detection signature.
With this, the experts were able to discover a suspicious file inside a system folder named scesrv.dll, and analysis of the file showed that the scesrv.dll module had malicious code embedded into it.
In further investigation it was revealed that victims had been infected through routers that had been compromised through a malicious dynamic link library.
Slingshot’s main purpose is to collect screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more. And by accessing kernel they can steal whatever they want, the researchers said.