Slingshot is the name
Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.
Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there.
The malware can effectively steal whatever it wants, including keyboard strokes, network traffic, passwords and screenshots. It's not certain how Slingshot gets into a system besides taking advantage of the router management software, but Kaspersky pointed to "several" instances
The combination of this sophistication with the spying focus led Kaspersky to believe that it's likely the creation of a state agency -- it rivals the Regin malware GCHQ used to spy on Belgian carrier Belgacom. And while text clues hint that English speakers might be responsible, the culprit isn't clear. Just shy of 100 individuals, government outfits and institutions fell prey to Slingshot in countries including Afghanistan, Iraq, Jordan, Kenya, Libya and Turkey. It could be one of the Five Eyes countries (Australia, Canada, New Zealand, the UK and the US) keeping watch on nations with significant terrorism issues, but that's far from certain.
Slingshot should be fixed as of recent MikroTik router firmware updates. The concern, as you might guess, is that other router makers might be affected. If they are, there's a possibility that Slingshot has a far wider reach and is still taking sensitive data.
https://www.engadget.com/2018/03/11/sop ... h-routers/
Sophisticated malware attacks through routers
Re: Sophisticated malware attacks through routers
I swear I'm going to set up a system for them to snoop into with just a photo of an @$$hole with the word kiss it on it.
If any company has a chance of detecting and stopping it, Kaspersky does!
But with the US ban on it we are just as F***ed.
The NSA and CIA want it that way.
Hell, I'm surprised the $#!theads haven't outlawed Linux yet!
registered Linux user number 505431
Amateur radio call sign KC3TEC
miracle (mere-ack-ull) :
the aspiration of the indigent, the expectation of the indolent, and the inspiration of the ignorant.
Im so old even dirt was my apprentice!
Re: Sophisticated malware attacks through routers
Nice idea for a "Honeypot" be Poo Bear and dip on the honey
Re: Sophisticated malware attacks through routers
The Norwegian State security police got the parliament to allow them to use key-loggers - and they would not do it if it weren't possible.
They might be using slingshot. It is probably an "eyes" thing but expanded to 9 eyes....
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Re: Sophisticated malware attacks through routers
This eye thing is haunting !!
Not only these malware attacks are a problem, but having different VPN services based in these jurisdictions is a mess!
Such as VPN services like the following are found to be operating all in the FVEY countries
- Anonymizer VPN
- Ace VPN
- Hide.Me
- Hide My IP
- Hide All IP
- Hotspot Shield
- Hoxx VPN
- IPVanish
- LiquidVPN
- Norton Wi-Fi Privacy
- Private Tunnel
- Private Internet Access
- ProXPN
- RA4W VPN
- SwitchVPN
- StrongVPN
- Speedify
- SlickVPN
- TouchVPN
- TorGuard
- VPN Unlimited
They are all on the scavenger hunt of data mining of their users, everyone is freakin involved from governments to organizations.
Re: Sophisticated malware attacks through routers
JoeP wrote: This eye thing is haunting !!
Not only these malware attacks are a problem, but having different VPN services based in these jurisdictions is a mess!
Such as VPN services like the following are found to be operating all in the FVEY countries
Anonymizer VPN
Source: https://www.bestvpn.co/guides/5-9-14-eyes-nation/
Ace VPN
Hide.Me
Hide My IP
Hide All IP
Hotspot Shield
Hoxx VPN
IPVanish
LiquidVPN
Norton Wi-Fi Privacy
Private Tunnel
Private Internet Access
ProXPN
RA4W VPN
SwitchVPN
StrongVPN
Speedify
SlickVPN
TouchVPN
TorGuard
VPN Unlimited
They are all on the scavenger hunt of data mining of their users, everyone is freakin involved from governments to organizations.
Very detailed answer. Love it! There are VPN services like PureVPN, ExpressVPN, SurfShark, iProVPN or NordVPN which are good to use and way authentic. We should be careful in choosing a VPN service.