
Slingshot malware has gone undetected in routers for six years

Researchers have uncovered malware that has stayed hidden since 2012, dubbing the malicious strain Slingshot after names found within the files. Although only 100 infected systems have been found, Slingshot is sophisticated and nothing short of a “masterpiece” according to its discoverers.

Slingshot was revealed by researchers at Kaspersky Lab as a Trojan horse, in that the malicious code piggybacked off compromised MikroTik routers. Once Slingshot has access to the network, it replaces a library file with a malicious version that in turn downloads the necessary files to launch a two-pronged attack on the computer itself.

One is a kernel mode module called Cahnadr that enables the attacker to gain complete access to the system, including deep access to storage and memory. It can even allow the intruder to execute code without causing a blue screen. The other is a user mode module called GollumApp that contains 1,500 user-code functions.


According to Kaspersky experts, this allows Slingshot to “collect screenshots, keyboard data, network data, passwords, other desktop activity, the clipboard, and a lot more. And all without exploiting any zero-day vulnerabilities.”

The researchers note that owners of a MikroTik router and the WinBox management software should download the latest version of the program and update the router itself to the latest version of its operating system. This will protect against this one attack vector, but unfortunately not against the APT itself, which requires a much more comprehensive approach that Kaspersky offers more details on.

Slingshot’s origin hasn’t been confirmed, but it has been speculated to be state-sponsored, in that it appears intended for a specific purpose that is likely politically motivated rather than aimed maliciously at the everyday user.


KitGuru Says: Nothing has been confirmed beyond the function of the malware itself, leaving motivation and use in question. Considering Slingshot has access to sensitive data, it’s not worth brushing off if there’s a possibility the system you’re using could be infected.
