CIA discovers the development of three hacking tools that set backdoor / rootkits for Mac / Linux revealed

WikiLeaks has released confidential text detailing three hacking tools that work for Apple's macOS and Linux developed by CIA. This is a confidential sentence that reveals the actual state of CIA's secret intelligence operations "Vault 7It seems to be a part of.

WikiLeaks - Vault 7: Projects

3 New CIA - developed Hacking Tools For MacOS & amp; Linux Exposed

Three of the hacking tools that CIA developed this time are "Achilles" "Aeris" "SeaPea".

◆ Achilles

"Achilles" is a hacking tool that allows CIA operators to combine malicious Trojan applications with legitimate macOS applications into disk image installers (.DMG files). So-calledData bindingWith the tool for,Shell scriptIsBashIt is written in.

When downloading infected disk image installer on macOS terminal and installing software, malicious executable file will be executed in the background as well. After that, all evidence of the Achilles tool will be safely deleted from the downloaded application, so it will not be detected by security researchers or antivirus software.

In addition, version 1.0 of Achilles developed in 2011 seems to have been tested with Mac OS X 10.6.

◆ SeaPea

"SeaPea" for Mac OS XRoot kitIt is a tool to hide important files and processes, socket connections, and make it accessible to the target so that the target is not noticed. The rootkit needs to install root access on the target Mac, but it can not be deleted unless you reformat the boot disk or upgrade the operating system of the infected Mac.

SeaPea developed in 2011 will run on Mac OS X 10.6 and Mac OS X 10.7 which was the latest OS at that time.

◆ Aeris

The third CIA hacking tool is "Aeris", which is an automatic implant written in CIA's operator language.DebianYaCentOS,Red HatSuch asLinux DistributionWhen,FreeBSDYaSolarisIt is a tool for installing backdoor, made for Unix type OS such as.

According to confidential information, it supports automated file export, configurable beacon interval and jitter, standalone and Collide based HTTPS LP support, SMTP protocol, all with mutual authentication TLS encrypted communication function It is.

Also, Aeris is compatible with the NOD cryptographic specification and provides structured commands and controls similar to those used in some Windows implants.

in Software,   Security, Posted by logu_ii