We all know what the CIA is capable of, but what WikiLeaks has been publishing lately under the Vault 7 leaks series is simply astonishing. According to the latest set of information provided by WikiLeaks in its ongoing Vault 7 leaks saga, the CIA developed three dangerous malware tools for Linux and macOS systems.
The tools are dubbed Aeris, Achilles, and SeaPea. Aeris is an automated implant that infects Linux systems, whereas Achilles and SeaPea infect macOS. The CIA developed the malware for its Imperial Project. Each of the three hacking tools served a different purpose. Apparently, they were developed to target a certain set of operating systems.
Achilles is a utility developed specifically for trojanizing macOS DMG installers. WikiLeaks also exposed a one-page user guide explaining how this particular hacking tool worked. According to the user guide, the tool allowed an operator to bind an executable to a DMG file for one-time execution only. When the DMG file is run, the original app is installed, and then the payload is installed. The payload is then removed from the DMG file.
We are not surprised to learn that Achilles was designed as one-time execution malware, because this is typical of the CIA: the agency is well known for its preference for staying undetected on targeted computers. The malware has been tested to be compatible with Intel processors running macOS 10.6.
Aeris is the second tool exposed by WikiLeaks. This malware was named after the character Aeris Gainsborough from the famous game Final Fantasy VII and is designed to infect POSIX systems. The implant is equipped with data exfiltration utilities, which can steal data from targeted hosts over secure TLS-encrypted channels.
The user guide does not provide information about the way this malware collected data. We can only assume that it is part of a bigger chain of attack…