The latest Wikileaks revelation affects you even if you don't know about it or are not interested in it: it concerns the CIA's tool for creating Windows malware.
Vault 7 is on its way to becoming one of the most important leaks in Wikileaks' history, and that is saying a lot considering the history of the organization.
The CIA even has its own platform to create malware
For more than a month now, new inquiries into leaked CIA documents have been published every week; and we are discovering things that we already knew, others that we suspected, and a few that we did not expect.
Today's reveal falls in the middle: the CIA developed a tool to create malware for Windows.
It is something that most of you have imagined, even if you don't particularly like conspiracies, simply because it makes perfect sense for an organization like the CIA; that does not mean we like having it confirmed that our suspicions were well founded.
The 27 documents published today describe Grasshopper, a platform that CIA agents and specialists access via the command line.
How the CIA Windows malware is created
Using these tools, it is possible to create malware and integrate it into applications and installers for Windows. In this way, they only had to install the program on the target computers, or have the targets install the program on their own.
This is not as easy as it sounds, and there are many details to consider; therefore, for Grasshopper to function properly it is necessary to know some data about the targets:
- The operating system used, including the version number.
- The antivirus in use, if there is one.
- Programs installed on the system.
With this prior investigation completed, the malware is more likely to be successful; what the malware does is the choice of the CIA operative who created it.
Furthermore, the malware created with this tool is able to reinstall itself every 22 hours; to do this, it modifies Windows Update and enables it if it is disabled.
CIA malware “Grasshopper” re-installs itself every 22 hours by corrupting Windows Update even if is disabled. https://t.co/NzCiyKkk6C pic.twitter.com/EhLy7QXeEq
WikiLeaks (@wikileaks) April 7, 2017
Customized malware for each operation
The ability to create custom malware is the key to Grasshopper; it is a modular platform, which allows one or more installers to be combined into one, depending on the needs of the agents.
This modularity works in the CIA's favor when it decides to use malware created by Internet hackers, something that happens quite often.
The tool allows the necessary components to be selected for each operation, and the result can be produced as .exe, .dll, .sys or .pic, for both x86 and 64-bit processors.
We do not know what else can come out of the documents leaked by Wikileaks, but what is certain is that what has already been published is enough to fear for our privacy.