Potent malware that hid for six years spread through routers

arslan ejaz

Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.

Slingshot—which gets its name from text found inside some of the recovered malware samples—is among the most advanced attack platforms ever discovered, which means it was likely developed on behalf of a well-resourced country, researchers with Moscow-based Kaspersky Lab reported Friday. The sophistication of the malware rivals that of Regin—the advanced backdoor that infected Belgian telecom Belgacom and other high-profile targets for years—and Project Sauron, a separate piece of malware suspected of being developed by a nation-state that also remained hidden for years.
 

upnorth

Thanks for the share! (y)
One of the ways Slingshot concealed itself was its use of an encrypted virtual file system that was typically located in an unused part of the hard drive. By segregating malware files from the file system of the infected computer, Slingshot stood a much better chance of remaining undetected by antivirus engines. Other stealth techniques included encrypting all text strings in its various modules, calling system services directly to bypass so-called hooks used by security products, and the ability to shut down components when forensic tools are loaded.

The ability for Slingshot to access the operating system kernel means the malware had access to whatever data was stored on the hard drive or in the internal memory of an infected machine. Infected computers were located primarily in Kenya and Yemen, but also in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia, and Tanzania. Most of the victims appeared to be targeted individuals. Some, however, were government organizations and institutions.

"Slingshot is very complex, and the developers behind it have clearly spent a great deal of time and money on its creation," company researchers wrote. "Its infection vector is remarkable—and, to the best of our knowledge, unique."
 
