Wikileaks Exposes CIA’s 3 Linux/macOS Malware
July 30, 2017
Raina Zakir

WikiLeaks claims that a source provided portions of an archive of the CIA’s hacking arsenal, including malware, viruses, trojans, weaponised “zero day” exploits and malware remote control systems, that had been circulated among former United States government hackers and contractors in an unauthorised manner.

These leaks are part of the Vault 7 series, which has already covered a large number of hacking tools targeting different operating systems with different attack vectors. The three pieces of malware are dubbed Aeris, Achilles, and SeaPea. Aeris is an automated implant that infects Linux systems, whereas Achilles and SeaPea target macOS.

WikiLeaks has been exposing CIA-developed hacking tools on a regular basis since early 2017. It claims that since 2001 the CIA has gained political and budgetary pre-eminence over the US National Security Agency (NSA) and built its own group of hackers.

Aeris, named after Final Fantasy VII’s Aeris Gainsborough, is an implant created to infect a number of Linux distributions, including Debian, CentOS and Red Hat, as well as FreeBSD and Solaris Unix systems. According to WikiLeaks, Aeris supports “automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication”.
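A configurable beacon interval with jitter, as listed above, is meant to defeat naive fixed-period matching, but the gaps between connections still cluster around the mean. The following is an added example (not code from the article or from the leaked tooling) that scores constructed flow-log lines by the coefficient of variation of their inter-connection gaps; the log format, host addresses and threshold are assumptions.

```python
# Added example: flag (source, destination) pairs whose outbound connections
# recur at a near-constant interval despite jitter. All data is constructed.
from collections import defaultdict
import statistics

# Constructed sample flow log, one record per line: "<epoch> <src> <dst>:<port>".
# 10.0.0.5 connects roughly every 60 s with a few seconds of jitter;
# 10.0.0.7 shows ordinary bursty traffic with no regular period.
SAMPLE_LOG = """
1501372800 10.0.0.5 203.0.113.10:443
1501372862 10.0.0.5 203.0.113.10:443
1501372918 10.0.0.5 203.0.113.10:443
1501372981 10.0.0.5 203.0.113.10:443
1501373039 10.0.0.5 203.0.113.10:443
1501373102 10.0.0.5 203.0.113.10:443
1501372810 10.0.0.7 198.51.100.20:443
1501372815 10.0.0.7 198.51.100.20:443
1501373400 10.0.0.7 198.51.100.20:443
1501373405 10.0.0.7 198.51.100.20:443
1501374000 10.0.0.7 198.51.100.20:443
1501374002 10.0.0.7 198.51.100.20:443
"""

def parse_flows(text):
    """Group connection timestamps by (src, dst) pair."""
    flows = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst = line.split()
        flows[(src, dst)].append(int(ts))
    return flows

def beacon_score(timestamps, min_events=5):
    """Return (mean_gap, coefficient_of_variation), or None if too few events."""
    ts = sorted(timestamps)
    if len(ts) < min_events:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else float("inf")
    return mean, cv

def find_beacons(text, max_cv=0.2):
    """Pairs whose gap spread is within max_cv of the mean gap (assumed threshold)."""
    hits = {}
    for pair, ts in parse_flows(text).items():
        score = beacon_score(ts)
        if score is not None and score[1] <= max_cv:
            hits[pair] = score
    return hits
```

Real beacons can also randomise the destination or sleep for long periods, so this check is a triage signal to pair with destination reputation and process context, not a verdict on its own.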

Achilles is a utility developed specifically for trojanizing macOS DMG installers. According to its user guide, the tool allowed an operator to attach an executable to a DMG file for one-time execution only: when the DMG is run, the original application is installed, then the payload is installed, and the payload is then removed from the DMG file.

SeaPea “provides stealth and tool-launching capabilities”, according to WikiLeaks, so that CIA agents can monitor and take control of targets’ Macs without their knowledge. It is also able to hide files, socket connections, and processes on infected systems. There have been six other major releases since Snow Leopard, the latest of which is now called macOS instead of OS X (macOS 10.12 Sierra).

Source | Click Lancashire