mikrotik
Latest
Data-stealing router malware bypasses web encryption
A recently discovered strain of router malware appears to be much worse than thought. Cisco Talos has learned that VPNFilter can not only render devices unusable, but can bypass the SSL encryption you often see on the web. A module in the malware intercepts outgoing web requests to turn them into non-secure (that is, basic HTTP) requests, helping it steal sign-ins and other sensitive data when possible. It can also use man-in-the-middle attacks to insert hostile JavaScript into outside websites, and target devices beyond the router itself, such as PCs on the local network.
Sophisticated malware attacks through routers
Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.
