Cyber attacks have become the hottest topic of discussion when it comes to privacy, for both users and organisations. After cryptojacking, another piece of malware has taken control of hardware: the Slingshot router malware. This malware has evaded all the security firms and is very active, making many computers its prey.
It has mostly been active for 6 years while remaining undetected. This is because it works through the router, collecting personal information such as account numbers, emails, confidential data and more.
According to Kaspersky Lab reports, the whole process started in 2012 and is still active on most of the computers that are connected to MikroTik routers.
How does the Slingshot Router Malware work?
According to recently published information, the Slingshot malware replaces the Windows DLL (Dynamic Link Library) file called ‘scesrv.dll’ with a new one that contains the malicious code. The most surprising thing is that the original and the malicious DLL files are the same size. Once it has replaced the file, it interacts with several kernel modules, network services, etc., and thereby gains administrative rights on the victim's computer.
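Because the replaced scesrv.dll keeps the original file size, a size check alone will not notice the swap. The following Python script is an added example, not code from the original article or from Kaspersky: it compares SHA-256 hashes against a baseline recorded on a known-good system. The function names, the second file name "other.dll" and the file contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()

def build_baseline(directory, names):
    """Record fingerprints of the named files on a known-good system."""
    return {n: fingerprint(os.path.join(directory, n)) for n in names}

def audit(directory, baseline):
    """Compare current files to the baseline and classify each one."""
    report = {}
    for name, (good_size, good_hash) in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        size, sha = fingerprint(path)
        if sha == good_hash:
            report[name] = "ok"
        elif size == good_size:
            # The case the article describes: size alone looks normal.
            report[name] = "replaced-same-size"
        else:
            report[name] = "modified"
    return report

def demo():
    """Constructed sample: stand-in files, not real Windows DLLs."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("scesrv.dll", b"A" * 4096), ("other.dll", b"B" * 512)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(d, ["scesrv.dll", "other.dll"])
        # Simulate a swap that keeps the byte count identical.
        with open(os.path.join(d, "scesrv.dll"), "wb") as fh:
            fh.write(b"A" * 4095 + b"Z")
        return audit(d, baseline)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

On a real system the baseline has to come from trusted installation media or a clean machine of the same Windows build, and it must be stored where the audited host cannot modify it.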
Here is the full picture of this malware:
Slingshot infects routers and loads a large number of DLLs onto the computer in order to gain access to the whole system. This is possible because Slingshot also installs two other modules, i.e. Ring 0 or duplicate kernel modules, through which an attacker can control the computer and manipulate it.
Once the Slingshot router malware has gained all the rights on the victim's computer, it can:
Collect system information.
Collect the types of devices connected to the computer.
Take away your personal data such as photos, files and confidential credentials.
Why did this malware remain undetected for so many years?
The main reason the threat remained undetected is that it is an APT (advanced persistent threat), which encrypts all of its strings and uses anti-debugging techniques. This further helps it decide which process to run and at what security level.
This makes it hard for security software to detect.
Moreover, it is a kind of automated malware that shuts down and hides itself whenever the antivirus service runs, leaving no trace of its presence.
What can we do to avoid this now?
Kaspersky security experts have informed MikroTik about the threat, and the company has in turn come up with an update. Organisations that use MikroTik routers must make sure that their routers are fully updated with the latest software.
However, in the worst case, if you are using a router other than MikroTik's, the Slingshot router malware can still appear. The best practice is to update your router software to its latest version.