
Highly Sophisticated Slingshot Malware Uses Routers to Infect

A highly sophisticated threat capable of cyber-espionage through targeted routers has been discovered by Kaspersky Lab researchers. Dubbed Slingshot, the malware has been used in malicious campaigns against victims in the Middle East and Africa for several years. In short, Slingshot is a complex APT (advanced persistent threat) with "one of the most complex frameworks" seen so far, as explained by malware analyst Alexey Shulmin.

Related Story: The Most Popular Hacking Tools in 2017

Slingshot APT Technical Details

Kaspersky came across the malware when they found a suspicious-looking keylogger. They created a behavioral detection signature to check whether the same code was present anywhere else. This triggered detection of a suspicious file in the system folder, known as scesrv.dll. It later turned out that the scesrv.dll module contained malicious code. "Since this library is loaded by 'services.exe,' a process that has system privileges, the poisoned library gained the same rights. The researchers realized that a highly advanced intruder had found its way into the very core of the computer," Kaspersky said in its press statement.

The researchers revealed their findings at Kaspersky's Security Analyst Summit, where they said they had not previously seen such an unusual attack vector. The attackers used compromised MikroTik routers to reach victims by placing a malicious DLL on the router itself. The DLL is in fact a downloader for further malicious components, the researchers said.

More specifically, "when an administrator logs in to configure the router, the router's management software downloads and runs the malicious module on the administrator's computer. The method used to hack the routers in the first place remains unknown," Kaspersky Lab researchers revealed.

What happens after the router is infected? Next, Slingshot downloads further malware modules. Two of them deserve closer attention because of their sophistication: Cahnadr and GollumApp. The two components are linked to one another and support each other in collecting information.

GollumApp appears to be the most complex module of Slingshot: it contains roughly 1,500 user-code functions and handles persistence, file system control and communication with the command-and-control servers. The other module, Cahnadr, is a kernel-mode program that serves to execute malicious code without crashing the whole file system, Kaspersky said.
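Two checks follow from the description above: the poisoned scesrv.dll sat in the system folder and was loaded by services.exe, and Cahnadr runs in kernel mode. The script below is an added example, not code from Kaspersky Lab or from this article. It verifies the Authenticode signature and SHA-256 of the scesrv.dll on disk, confirms which file the live services.exe actually mapped, and then sweeps the running kernel drivers for any whose signature does not validate. It assumes a Windows 10/11 or Windows Server host and an elevated PowerShell session (reading the module list of services.exe, which runs as SYSTEM, needs administrator rights); the function names are mine, and the page does not say how Cahnadr gets into the kernel, so the driver sweep is a general first look rather than a Slingshot-specific indicator.

```powershell
# Added example, not Kaspersky's or the article's code. Requires an elevated PowerShell.

function Test-ScesrvIntegrity {
    # The legitimate library lives here; any attacker modification breaks the
    # Microsoft signature, and a replacement dropped elsewhere shows up as a
    # mapped path that differs from this one.
    $expected = Join-Path $env:SystemRoot 'System32\scesrv.dll'

    $sig    = Get-AuthenticodeSignature -FilePath $expected
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Which scesrv.dll did the running services.exe actually load?
    $svc    = Get-Process -Name services
    $mapped = @($svc.Modules |
                Where-Object { $_.ModuleName -ieq 'scesrv.dll' } |
                ForEach-Object FileName)

    [pscustomobject]@{
        Path                   = $expected
        Sha256                 = (Get-FileHash -Algorithm SHA256 -Path $expected).Hash
        SignatureStatus        = $sig.Status
        Signer                 = $signer
        ValidMicrosoft         = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')
        MappedIn               = $mapped
        # True only when every mapped copy is the expected file.
        MappedFromExpectedPath = ($mapped.Count -gt 0) -and
                                 -not ($mapped | Where-Object { $_ -ine $expected })
    }
}

function Get-UnsignedRunningDrivers {
    # Win32_SystemDriver reports NT-style paths (\SystemRoot\..., \??\C:\...,
    # system32\...); normalise them before checking the signature.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $p = $_.PathName -replace '^\\\?\?\\', '' `
                             -replace '^\\SystemRoot\\', "$env:SystemRoot\" `
                             -replace '^system32\\', "$env:SystemRoot\System32\"
            if (Test-Path -LiteralPath $p) {
                $s = Get-AuthenticodeSignature -FilePath $p
                if ($s.Status -ne 'Valid') {
                    [pscustomobject]@{ Driver = $_.Name; Path = $p; Status = $s.Status }
                }
            }
        }
}

# Usage
Test-ScesrvIntegrity       | Format-List
Get-UnsignedRunningDrivers | Format-Table -AutoSize
# Second opinion from the OS itself:  sfc /verifyfile=C:\Windows\System32\scesrv.dll
```

A result with `ValidMicrosoft = False` or `MappedFromExpectedPath = False` on a machine whose administrator has logged in to a MikroTik router is worth a memory capture before anything else, since the loader runs inside a SYSTEM process and the rest of the toolset is fetched afterwards.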

Related Story: Top 6 Advanced Obfuscation Techniques That Hide Malware on Your Device

Slingshot APT Capabilities

The malware is built for silent cyber-espionage campaigns: it gathers data stealthily and conceals its own traffic inside ordinary-looking data packets, so that what it sends out is hard to trace back to it.

In summary, Slingshot's main purpose seems to be cyber-espionage. Analysis suggests it collects screenshots, keystrokes, network data, passwords, USB connections, other desktop activity, clipboard data and more, although with kernel access it can take whatever it wants.

Who is the target? Apparently, the victims of this malware are most likely specific individuals. However, government organizations may also be targeted. As for the routers affected by Slingshot: even though MikroTik routers were the ones hit in the campaigns analyzed by the researchers, other routers can be targeted as well.

The sophistication of the malware also says a lot about who is behind the campaigns: most likely a state-sponsored threat actor.

MikroTik users are urged to upgrade to the latest firmware to avoid infection with Slingshot. Since the method used to compromise the routers in the first place is unknown, upgrading is a precaution rather than a guaranteed fix; administrators should also check their routers for files that should not be there, given that the infection starts with a DLL placed on the router.

Milena Dimitrova
