Security researchers from Kaspersky Lab have discovered a new advanced virus. The name Slingshot penetrates into the PC using the MikroTik network equipment.
What is known
This "masterpiece" attacks the computer immediately with two malicious programs. Canhadr runs low-level kernel code and opens access to drives and memory. The second, GollumApp, is similar to an assistant, which coordinates efforts, managing the file system and supports software protection.
At the Laboratory, the virus was nicknamed "a masterpiece. Slingshot saves its own files in an encrypted form in the virtual file system, encrypts the lines and calls the services directly. It is noteworthy that the virus turns off its own components when security programs are running, for example, anti-virus software.
Researchers of Kaspersky said that the code is active since 2012. Slingshot is able to steal everything he wants: keys, passwords, screenshots, Internet traffic, and track clicks. It is not known how the virus gets to computers, but there are "several" assumptions.
Due to the presence of spy functionality, the researchers suggested that Slingshot was created by a state agency. In the code of the virus, clues that indicate English-speaking, but reliable information, are not found. From the virus, injured 100 computers, including government organizations and private individuals. Kaspersky Lab believes that the attack was aimed at specific individuals.