Security researchers from Kaspersky Lab have discovered a new malware threat. In what seems to be another state-sponsored malware strain, its multi-layer attacks are more advanced than most others in circulation at the moment. The malware, nicknamed Slingshot, is code that spies on PCs through multi-layer attacks. These attacks are used to target MikroTik routers.
How does the attack take place?
Slingshot carries out its carefully planned attack in a systematic way. First, it replaces a library file with a malicious version that downloads malicious components. It then goes on to launch a quick two-pronged attack on other computers.
“One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive,” notes a report by Engadget.
According to Kaspersky’s report, these two elements are masterpieces that run hostile kernel code without causing a crash. In addition, Slingshot stores its malware files in an encrypted virtual file system, which protects every text string in its module first.
One of the main reasons Slingshot poses a significant threat is that it is designed to defend against any conventional method of detecting malware. As a result, users might never even know that their systems are affected by malware. The malware will end up stealing whatever it wants, including keystrokes, network traffic, passwords and even screenshots. At the same time, it is not certain how Slingshot gets into a system besides taking maximum advantage of the PC’s router management software. However, Kaspersky has listed several instances that may lead to this problem.