icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
31 Aug, 2017 11:27

CIA sneak undetectable ‘malicious’ implants onto Windows OS - WikiLeaks

CIA sneak undetectable ‘malicious’ implants onto Windows OS - WikiLeaks

Windows machines are targeted by the CIA under ‘Angelfire,’ according to the latest release from WikiLeaks’ ‘Vault7’ series. The documents detail an implant that can allow Windows machines to create undetectable libraries.

‘Angelfire’ consists of five components – ‘Solartime,’‘Wolfcreek,’ ‘Keystone,’ ‘BadMFS,’ and the ‘Windows Transitory File system,’ according to a statement from WikiLeaks released on Thursday.

‘Solartime’ modifies the partition boot sector of Windows XP or Windows 7 machines when installed, allowing the ‘Wolfcreek’ implant to load and execute. ‘Wolfcreek’ can then load and execute other ‘Angelfire’ implants.

Previously known as ‘MagicWand,’ ‘Keystone’ loads malicious user applications on the machine which never touch the file system, leaving “very little forensic evidence that the process ever ran” according to WikiLeaks.

‘BadMFS’ is described as a library which stores all drivers and implants that ‘Wolfcreek’ can activate. In some versions it can be detected, but in most it’s encrypted and obfuscated, making it undetectable to string or PE header scanning, used to detect malware.

‘Windows Transitory File system’ is used to install ‘AngelFire,’ according to the release, allowing the addition or removal of files from it.

WikiLeaks says the leaked ‘Vault 7’ documents came from within the CIA, which has in turn refused to confirm their authenticity. Previous releases include details on CIA hacking tools used to weaponize mobile phones, compromize smart TVs and the ability to trojan the Apple OS.

READ MORE: How the CIA spies on your everyday life, according to WikiLeaks

Podcasts
0:00
25:36
0:00
25:12