Skip to main content

Slingshot malware that attacks routers may be state-sponsored espionage tool

Keeping up with security updates for our various connected devices could be a full-time job. Whether it’s our smartphones, our PCs, our home assistants, or other devices, seemingly not a day goes by that we don’t hear about one security vulnerability or another. This time around, it’s the most central device in our networks, the router, that’s under attack.

Kaspersky recently reported on a new, fairly sophisticated, attack on MikroTik routers that its researchers described during the company’s Security Analyst Summit. Dubbed Slingshot, the vulnerability is a rather tricky piece of malware that can collect all kinds of information from PCs that are attacked via a compromised router — including screenshots, passwords, keyboard data, and other information.

Recommended Videos

While Kaspersky notified MikroTik of the issue and that company has already resolved the vulnerability, Kaspersky believes that other routers could still be affected. What makes Slingshot so potentially dangerous is that it piggybacks on legitimate router downloads and file executions — in this case, DLL files — which are used to infect PCs with kernel-mode malware that runs on affected machines without causing crashes. This malware, dubbed Cahnadr, joins with another piece called GollumApp that gives attackers “complete control” over a PC.

Please enable Javascript to view this content

Digging into the details of the vulnerability, it’s obvious that the malware is particularly sophisticated, so much so that Kaspersky’s researchers suspect it’s the work of a group that’s highly organized, professional, and indeed likely to be state-sponsored. Given the kind of information that the malware seeks out, it’s also likely that it’s designed to perform cyber-espionage, and given that it can access the system at a very low level it’s capable of stealing any kind of information that exists on an infected PC.

There’s nothing we can do in response to attacks like Slingshot other than the single most important step: make sure that all of our devices are fully updated. Installing all OS and hardware updates is more important than ever, and that’s true not just for the most visible devices we use every day, like our smartphones and PCs, but also those hidden devices like routers that can serve as attack vectors for every other device on our networks.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
ChatGPT’s new Pro subscription will cost you $200 per month
glasses and chatgpt

Sam Altman and team kicked off the company's "12 Days of OpenAI" event Thursday with a live stream to debut the fully functional version of its 01 reasoning model, as well as a new subscription tier called ChatGPT Pro. But to gain unlimited access to these new features and capabilities, you're going to need to shell out an exorbitant $200 per month.

The 01 model, originally codenamed Project Strawberry, was first released in September as a preview, alongside a lighter-weight o1-mini model, to ChatGPT-Plus subscribers. o1, as a reasoning model, differs from standard LLMs in that it is capable of fact-checking itself before returning its generated response to the user. This helps such models reduce their propensity to hallucinate answers but comes at the cost of a longer inference period and slower response.

Read more
Surface Pro alternative: This Asus Chromebook is another $70 off today
A man holding the Asus Chromebook CM3001 Laptop.

While fast and powerful CPUs and GPUs go a long way with a desktop or laptop, not every PC needs to be a workhorse. Some folks only need a computer for basic web browsing or watching the occasional HD movie or show. That’s why we’re always on the lookout for great Chromebook deals. These Chrome OS machines are just strong enough to deliver a notch above the basics, and today, we found an excellent discount on an Asus Chromebook. For a limited time, when you purchase the Asus Chromebook CM3001 Laptop at Best Buy, you’ll only pay $230. At full price, this model sells for $300.

Why you should buy the Asus CM3001 Laptop
From its convenient 2-in-1 design (check out our list of the best 2-in-1 deals) to its beautiful 10.5-inch 1920 x 1200 touchscreen (WUXGA), the CM30 is a laptop you’ll have zero issues taking just about anywhere. Its light form factor is a huge plus, and when closed, the CM30 is only 0.67 inches thick! And while we’re not dealing with Intel or AMD for internals, the onboard MediaTek Kompanio 520 CPU runs and smooth and efficient ship. It's also a great Surface Pro alternative, for those tiring of the Windows way.

Read more
Get Copilot+ features for less with this Asus laptop deal
An Asus ProArt P16 laptop on a white background.

One of the best laptop deals right now is perfect for anyone who is seeking a Copilot PC. If you’re looking to enjoy AI features, check out the Asus ProArt P16 laptop which is $200 off at Best Buy. The laptop normally costs $1,900 but right now, you can buy it for $1,700. A high-end productivity-focused laptop which also packs a punch for some gaming too, this is an ideal workhorse of a PC. Here’s all you need to know about it alongside some insight into the wonders of Copilot.

Why you should buy the Asus ProArt P16 laptop
Asus features in our look at the best laptop brands thanks to the company being great at developing all-rounder laptops. The Asus ProArt P16 laptop is one such highlight. It has an AMD Ryzen AI 9 HX 370 CPU, 32GB of memory, 1TB of SSD storage, and an Nvidia GeForce RTX 4060 GPU.

Read more