Kaspersky Lab has discovered what is being called a new strain of state-sponsored malware.
Dubbed Slingshot, the malware invades PCs using an attack that targets MikroTik routers.
The report stated that the attack replaces a library file with a malicious version that downloads other malicious components.
The malware then launches an attack on the target PCs.
Kaspersky Lab said Slingshot uses two “masterpieces” – a kernel mode module named Cahnadr, and GollumApp, a user mode module.
“Running in kernel mode, Cahnadr gives attackers complete control over the infected computer,” it said.
“The second module, GollumApp, is even more sophisticated. It contains nearly 1,500 user-code functions.”
This lets an attacker collect screenshots, keyboard data, network data, and passwords.
“What makes Slingshot really dangerous is the numerous tricks its actors use to avoid detection. It can even shut down its components when it detects signs that might indicate forensic research,” said Kaspersky Lab.