State-Sponsored Slingshot Malware Secretly Spying on Victims Through Infected Routers for Years
The malware dubbed Slingshot, which appears to be a state-sponsored strain, spies on PCs and scours them for data through multi-layer attacks that target MikroTik routers.
Slingshot is the nickname given to a threat that Kaspersky discovered and found to be a highly sophisticated cyber espionage campaign aimed at specific hardware. The Slingshot attacks target MikroTik routers, where the hardware is instructed to download and run random Dynamic Link Library (DLL) files, many of which are malicious. APT (Advanced Persistent Threat) hackers are known to be the culprits that have covertly injected the malware into routers to spy on connected victims.
Slingshot is an Old Soul with a New Face
The multi-layered approach that Slingshot uses shows a sophistication not often seen in common malware threats. As it turns out, Slingshot's code has been active since 2012 without much attention given to its capabilities until now. During the 6-year stretch in which Slingshot hid under the cover of infected routers, APT hackers were spying on connected users.
The multi-layered actions performed by Slingshot start with its ability to run hostile kernel code and then store its malware files in an encrypted virtual file system. Such a method is known to evade detection, which is a possible reason for Slingshot not being noticed for at least six years.
Conventional detection methods have been ineffective against Slingshot because of the many defense mechanisms it has evolved during its six-year run. Slingshot is also touted as having the ability to steal data, including passwords, screenshots, network traffic data, and keystrokes.
Vulnerable Routers Become Easy Targets for Sophisticated Malware
As for the direct effects on MikroTik routers, the networking devices happen to be a vulnerable piece of hardware that Slingshot can leverage. The MikroTik router control and management software is vulnerable to the point that Slingshot can embed its malicious DLL files and use the router for temporary storage.
It appears that MikroTik has been alerted to the infiltration of Slingshot and is able to provide a "fix" by way of a firmware update, which will wipe the router's previous management software and replace it with a version that may not be affected. A further reason for alarm, though, is the possibility of Slingshot attacking other routers.
Computer security experts fear that the reach of Slingshot is broader than initially found. Due to Slingshot's extended period of being somewhat undercover and evading detection, there is the possibility that other routers may be targets where sensitive data may be stolen without any indication to computer users or administrators.
Other solutions to Slingshot are forthcoming from computer security firms, including Kaspersky, which brought the recent Slingshot attacks on routers to light. So far, Slingshot has managed to run its malicious code without causing much alarm: the attacks take place without causing system crashes or blue screens of death. That makes Slingshot among the stealthiest malware around, and all the more dangerous if it were ever to pilfer large amounts of data and hand cybercrooks access to it.
Computer users and network administrators aware of Slingshot and its dangers should heed the warnings, update the necessary software, and stay abreast of the evolution of Slingshot.