Newly Discovered Router Malware Likely Created By Govt. Agency

Security researchers have discovered a new piece of malware that’s so sophisticated that it went undetected for six years.

The so-called Slingshot malware was first spotted by researchers at Kaspersky Lab. Instead of infecting a computer, Slingshot embeds itself into a network’s router. And it’s so advanced that researchers thoroughly believe it was developed by a state government or agency.

Slingshot has been active since at least 2012, but managed to go unnoticed. That’s because, according to Kaspersky, the malware is extremely sophisticated and has a variety of ways to avoid detection. When forensic tools are active, for example, Slingshot is intelligent enough to shut down certain components.

The malware was most likely developed for spying purposes. It can basically steal any kind of data it wants, from network traffic, keystrokes and passwords to screenshots and even data pulled from a connected USB device.

Once it infects a router, Slingshot is able to deploy “huge and powerful” modules on a target computer. Those modules will then work together to send data to the attacker.

“Slingshot is very complex, and the developers behind it have clearly spent a great deal of time and money on its creation,” researchers wrote. “Its infection vector is remarkable — and, to the best of our knowledge, unique.”

Kaspersky Labs still doesn’t know how the router actually compromises a system, either. Researchers know that it takes advantage of the router’s management software, and can exist in “several” instances.

The majority of compromised computers were located in Kenya and Yemen, but the researchers detected infected systems in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania. Targets include individuals, governments and institutional systems.

Kaspersky Labs noted that the malware’s debug messages were written in perfect English. That could hint that its creators spoke that language fluently.

As Engadget points out, it’s possible that the malware was developed by one of the countries belonging to the Five Eyes intelligence alliance — Australia, Canada, New Zealand, the UK or the US — to keep an eye on nations with significant terrorist activity. But that’s speculation at this point.

It’s not clear how many computers total are affected by Slingshot. But, thankfully, impacted routers will be fixed with a software update.