Researchers at Kaspersky Lab have discovered a new malware family dubbed Slingshot that remained undetected for six years, and they describe it as the most advanced malware seen to date. It infected 100 computers worldwide, including a few government institutions. Most of the victims appear to be targeted individuals, spread mainly across Kenya and Yemen, with further infections in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia, and Tanzania. The creators of the malware remain unknown, although the clear English text found in it suggests that its developers spoke the language. It is thought to be state-sponsored espionage aimed at tracking terrorist activity, but this is not confirmed. The mode of infection is not entirely clear either, but the main entry point appears to be MikroTik routers, made by a Latvian manufacturer.
How does the Slingshot malware infect PCs?
The malware initially replaces a legitimate library file with a malicious version that downloads further malicious components and launches a two-layered attack on the personal computer (PC). One component, called Cahnadr, runs low-level code that gives it access to storage and memory. The other, dubbed GollumApp, contains the code that manages the file system and keeps the malware active. Kaspersky's researchers describe these two components as masterpieces, and they are probably the reason the malware remained undetected for such a long period.
How did Slingshot escape detection by antivirus software?
Slingshot employed an interesting strategy that let it operate without being detected by antivirus engines. It stores all of its files in an encrypted virtual file system hidden in an unused part of the hard drive. By isolating itself from the computer's normal file system in this way, it evaded antivirus scanners. The malware can also intelligently shut down its operations to escape detection by forensic tools. Slingshot steals whatever information it needs, such as activity logs, passwords, screenshots, keystrokes and network traffic. It is also possible that routers other than MikroTik models are victims of this malware; if so, Slingshot's reach may extend well beyond the countries listed above.