Wikileaks series Vault 7 follow-up: Today, Wikileaks has released more CIA hacking tools in the Vault 7 series. The site reveals new handbooks for three tools called Achilles, Aeris and SeaPea, and is reportedly part of a larger CIA project called Imperial.
The first of these tools is called Achilles and is a utility for adding trojan to macOS DMG installers.
According to the WikiLeaks Wiki User Guide, Achilles allows an operator to add an executable file to a DMG file for a one-time run.
Running the DMG file installs the original application as well as the malware. It then deletes the trojan from the DMG file. The use of malicious apps that run only once is typical of US intelligence services, which, as they know, are making a great effort not to be identified in their victim's systems.
The second handbook released today is about a tool called Aeris, which is alleged to be a malware for POSIX systems.
According to the document, Aeris is written with C and can work in the following operating systems:
Debian Linux 7 (i386)
Debian Linux 7 (amd64)
Debian Linux 7 (ARM)
Red Hat Enterprise Linux 6 (i386)
Red Hat Enterprise Linux 6 (amd64)
Solaris 11 (i386)
Solaris 11 (SPARC)
FreeBSD 8 (i386)
FreeBSD 8 (amd64)
CentOS 5.3 (i386)
CentOS 5.7 (i386)
Aeris includes data removal utilities, which are commonly used to hide information when shipped from victims' computers to secret service servers via securely encrypted TLS channels.
The Aeris manual does not contain details on how data is collected.
The third and latest manual released today is about an OS X rootkit called SeaPea. The manual of this tool was previously released in another WikiLeaks CIA dump called DarkSeaSkies, a collection of hacking tools on Macs and iPhones (released in March).
Let's remind that SeaPea provides CIA agents with a kernel implant that allows them to maintain infections in OS X systems even after reboots.
Its additional capabilities include the ability to hide files or folders, start socket connections, or to initiate malicious processes.
The SeaPea manual is old and dates back to the summer of 2011 and mentions as "tested operating systems" two very old versions of OS X, Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).
The current leak is part of a larger series called Vault 7.
Please be reminded that Wikileaks is releasing documents in the Vault 7 series from 7 2017 March, expounding more and more Coca-Cola tools.
Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: the source code of a secret anti-forensic framework. It is basically a obfuscator that CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software that is designed to add 'web beacons' to secret documents to allow for leakage control by secret services.
Athena:is designed to fully acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data or installing malicious software, data theft, and sending them to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo:tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and data transfer software from MacOS and Linux