Dubbed Purple Lambert by Kaspersky; the malware passively listens to network traffic and search for a “magic packet.”
The Global Research and Analysis Team (GReAT) at Kaspersky Lab has discovered a new malware which the company claims is developed by the American Central Intelligence Agency (CIA).
The Moscow, Russia-based cybersecurity giant said it spotted the malware in “a collection of malware samples” belonging to several APT groups. These samples were received by Kaspersky and other cybersecurity companies in February 2019.
According to researchers, the samples were compiled in 2014 and, accordingly, were likely deployed in 2014 and possibly as late as 2015.
Purple Lambert malware
Dubbed Purple Lambert by Kaspersky researchers; the malware is equipped with backdoor capabilities allowing it to passively listen to network traffic and search for a “magic packet.”
Additionally, the malware can extract basic information from a targeted system along with executing the payload it receives from its operators.
These details were shared by Kaspersky on April 27th in its APT Trends report- Q1 2021.
CIA, WikiLeaks, Vault7 & Lambert malware family
Although Kaspersky’s report did not name the CIA, listing the malware in the category of Lambert malware family reveals its connections with the agency.
How? In 2017, days when the whistleblowing organization WikiLeaks exposed the CIA’s large-scale hacking capabilities in a series called Vault7, the cybersecurity firm Symantec published a blog post about a malware it called Longhorn, on the other hand, Kaspersky researchers named the same malware as the Lambert family.
Furthermore, after an in-depth analysis of the samples, Kaspersky identified several similarities between the malware and those used by the CIA in past such as Gray Lambert, thus naming it Purple Lambert.
As for its usage; the company believes there is no evidence that the malware has been used in the wild, at least not for several years.
Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style, and techniques that have been seen in various Lambert families, Kaspersky concluded.