Kaspersky Inc has published an () of an MS Windows rootkit, therein nicknamed "Slingshot".
The item exhibits the traditional smell of USG-authored shitware, e.g. validly-signed Windows drivers for the persistence layer. However, the more interesting aspect is that it is spread via infected routers, of a type which, astonishingly even for consumer shitware, forces the execution of an x86 Windows binary for initial configuration.
An infected router dutifully augments this configurator with a rootkit installer; the rootkit, in turn, contains the typical components: keylogger, saved-password collector, network topology probe, etc.
The more interesting and aspect is, however, the identity of the router's manufacturer:
. That very same Latvian USG shill company that's been deploying routers with nonfunctional RNGs and trivially- SSH keys for its entire existence. And dutifully spreads whenever the danger of public exposure seems acute.