Slingshot Makes Routers Vulnerable to Espionage


In the modern connected universe, all our devices are interconnected with one another, with the cloud and with the billions of other devices out there. This makes security one of our chief concerns. We are confronted every single day with new and increasingly sophisticated threats. The newest vulnerability opens your router to attacks.

Slingshot has just been identified by Kaspersky. Slingshot attacks MikroTik's routers in a rather sophisticated way, as reported during Kaspersky's Security Analyst Summit recently. Using intricate algorithms, Slingshot is passed on to the device from an infected router. Slingshot will collect private information like screenshots, keyboard data, and passwords from unsuspecting users.

Infected DLL Files

Quick action by MikroTik closed the vulnerability to Slingshot on its routers. According to Kaspersky, other routers could still be vulnerable. Slingshot is unique and very hard to detect because it infects DLL files: hidden in official downloads and activated by normal file executions, it circumvents normal malware detection. The malware runs in kernel mode, and this means it infects the PC without causing crashes. This specific malware, named Cahnadr, connects with GollumApp and can result in attackers controlling your PC.

State Sponsored

This malware, when analyzed, is so sophisticated, according to Kaspersky, that it has to be the handiwork of extraordinarily organized professionals, and is very likely state-sponsored. This is further supported by the fact that the data collected by the malware is typical of cyber-espionage, since the very basic level at which the malware operates enables it to access almost any data on the computer.

Update, Update, Update

Updating your devices is the most important step to take if you want to protect yourself from invasions like this. You have to install all your OS and hardware updates at all times. And now that routers are infected, you have to start updating all the secondary devices that connect to your network too.