Kaspersky Lab has found sophisticated, highly advanced cyber-espionage malware that has been hiding in routers for nearly six years.
A research team at Kaspersky Lab, the Moscow-based anti-virus and cyber security provider, discovered that this advanced malware spreads through compromised routers and stayed undetected for a long period of time. It spies on PCs using a multi-layer attack that targets MikroTik routers.
Kaspersky Lab stated that, “Analysis suggests it collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard and more. But with full access to the kernel part of the system, it can steal whatever it wants – credit card numbers, password hashes, and social security account numbers – any type of data.”
The malware has been named Slingshot. It replaces the legitimate scesrv.dll file in the user's Windows system libraries with a malicious one. The malicious file matches the exact size of the original in order to avoid detection by antivirus software.
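Because the replacement keeps the original file size, a size comparison alone will not flag it, while a content hash recorded from a known-good system will. The following is an added example, not code from Kaspersky Lab or from the original article; the stand-in file, its bytes and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, sha256 hex digest) for a file, reading it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()

def check(path, baseline):
    """Compare a file against a recorded (size, sha256) baseline.

    Returns 'ok', 'size-changed' or 'same-size-modified'.
    """
    size, sha = fingerprint(path)
    if size != baseline[0]:
        return "size-changed"
    if sha != baseline[1]:
        return "same-size-modified"
    return "ok"

def demo():
    """Constructed scenario: a stand-in library is overwritten with
    different content of identical length."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "scesrv.dll")  # stand-in file, not a real DLL
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1022)    # constructed placeholder bytes
        baseline = fingerprint(path)            # recorded while known good
        before = check(path, baseline)
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x01" * 1022)    # same length, different bytes
        size_only_passes = os.path.getsize(path) == baseline[0]
        after = check(path, baseline)
        return before, size_only_passes, after

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is recorded from a known-good installation and stored off the host being checked.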
Researchers also recommend that people using MikroTik routers update to the latest available software as soon as they can. The company added that, with the most recent version, the Winbox Loader no longer downloads anything from routers to a user’s system, which reduces the threat.
Adding that Slingshot may be the work of a state-sponsored actor, the company said, “Most of the victims appear to be targeted individuals rather than organizations, but there are some government organizations and institutions.”