WikiLeaks Exposes CIA's 3 Linux/macOS Malware: Aeris, Achilles, SeaPea

July 29th, 2017 Uzair Amir Security, Malware 0 comments

We all know what the CIA is capable of, but what WikiLeaks has been publishing lately under its Vault 7 series is simply astonishing. According to the latest batch of documents released by WikiLeaks in the ongoing Vault 7 saga, the CIA developed three pieces of malware for Linux and macOS systems.

The malware are dubbed Aeris, Achilles, and SeaPea. Aeris is an automated implant that infects Linux systems, whereas Achilles and SeaPea target macOS. The CIA developed all three under its Imperial project. Each of the three tools serves a different purpose, and each was built for a specific set of operating systems.


Achilles

Achilles is a utility built specifically for trojanizing macOS DMG installers. WikiLeaks also released a one-page user guide explaining how the tool works. According to the guide, Achilles lets an operator attach an executable to a DMG file for one-time execution only. When the DMG is run, the original application is installed, then the payload is executed, and finally the payload removes itself from the DMG so that nothing is left behind.

We are not surprised that Achilles was designed for one-time execution, because this is typical of the CIA, which is well known for its preference for staying undetected on targeted computers. The tool was tested and found compatible with Intel Macs running OS X 10.6.

Aeris

Aeris is the second tool exposed by WikiLeaks. Named after the character Aeris Gainsborough from the game Final Fantasy VII, it is designed to infect POSIX systems. The implant comes with data exfiltration utilities that steal data from targeted hosts over TLS-encrypted channels.

The user guide does not explain how the malware collects its data. We can only assume it is part of a larger attack chain and that the CIA used it together with other tools. The purpose of Aeris was to infect a system, deploy the Aeris implant, locate the required data and exfiltrate it.

The key features of Aeris include standalone HTTPS support, TLS-encrypted communications, a configurable beacon interval, structured command and control, and compatibility with the NOD cryptographic specification. Aeris is distributed as a set of Python utilities, while the implant itself is written in C. It targets the following systems:

Debian Linux 7 (i386), Debian Linux 7 (amd64), Debian Linux 7 (ARM), Red Hat Enterprise Linux 6 (i386), Red Hat Enterprise Linux 6 (amd64), Solaris 11 (i386), Solaris 11 (SPARC), FreeBSD 8 (i386), FreeBSD 8 (amd64), CentOS 5.3 (i386) and CentOS 5.7 (i386).
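The one behavioural trait the documents attribute to Aeris that a defender can look for in network telemetry is the configurable beacon interval: an implant that checks in with its C2 over TLS at a fixed cadence leaves a very regular pattern in connection logs. The script below is an added example, not code from the article or the leaked documents; the log format (epoch seconds, source, destination, port), the sample records and the thresholds are all assumptions.

```python
"""Flag hosts whose outbound TLS connections recur at a near-fixed interval,
the pattern a fixed-cadence beaconing implant produces. Added example;
log format, sample data and thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "epoch_seconds src_ip dst_ip dst_port" per line.
# 10.0.0.5 talks to 203.0.113.7 every ~300 s; 10.0.0.9 is irregular browsing.
SAMPLE_LOG = """\
1501286400 10.0.0.5 203.0.113.7 443
1501286700 10.0.0.5 203.0.113.7 443
1501287001 10.0.0.5 203.0.113.7 443
1501287298 10.0.0.5 203.0.113.7 443
1501287600 10.0.0.5 203.0.113.7 443
1501286410 10.0.0.9 198.51.100.2 443
1501286450 10.0.0.9 198.51.100.2 443
1501288000 10.0.0.9 198.51.100.2 443
1501288020 10.0.0.9 198.51.100.2 443
1501289900 10.0.0.9 198.51.100.2 443
"""

def parse_log(text):
    """Group connection start times by (src, dst) for TLS (port 443) flows."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if port == "443":
            flows[(src, dst)].append(int(ts))
    return flows

def beacon_candidates(flows, min_conns=5, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds) for flows whose gaps between
    consecutive connections are nearly constant, i.e. the coefficient of
    variation (stdev / mean) is at or below max_cv."""
    found = []
    for (src, dst), times in flows.items():
        if len(times) < min_conns:
            continue
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu > 0 and pstdev(gaps) / mu <= max_cv:
            found.append((src, dst, round(mu)))
    return found

if __name__ == "__main__":
    for src, dst, gap in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s")
```

Real implants often add jitter to the interval, so in production the threshold would be tuned against a baseline and combined with other signals (destination reputation, byte counts, TLS fingerprint) rather than used alone.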


SeaPea

SeaPea is the third piece of malware exposed by WikiLeaks: an OS X rootkit. Its manual had already been released by WikiLeaks in an earlier batch of CIA documents called DarkSeaSkies, published in March, which showcased a collection of tools for hacking iPhones and Macs. The purpose of SeaPea was to give the CIA a kernel-level implant.

The implant reportedly allowed CIA operators to maintain a persistent infection on OS X systems that survives reboots. Furthermore, the rootkit can hide files and directories, initiate socket connections and launch any malicious processes the operator requires.

The SeaPea manual is dated summer 2011. It lists two older versions of OS X, Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion), as tested operating systems. The rootkit works by assigning every process to one of three categories: Normal, Elite and Super-Elite. SeaPea's own commands are executed as Elite processes.

Previous Vault 7 tools covered by HackRead:

  • BothanSpy and Gyrfalcon: Steals SSH credentials from Linux & Windows devices
  • OutlawCountry and Elsa: Malware targeting Linux devices and tracking user geolocation
  • Brutal Kangaroo: CIA hacking tools for hacking air-gapped PCs
  • Cherry Blossom: CherryBlossom & CherryBomb: Infecting WiFi routers for years
  • Pandemic: A malware hacking Windows devices
  • AfterMidnight and Assassin: CIA remote control & subversion malware hacking Windows
  • Dark Matter: CIA hacking tool infiltrating iPhones and MacBooks
  • Athena: A malware targeting Windows operating system
  • Archimedes: A program helping CIA to hack computers inside a Local Area Network
  • HIVE: CIA implants to transfer exfiltrated information from target machines
  • Grasshopper: Malware payloads for Microsoft Windows operating systems
  • Marble: A framework used to hamper antivirus companies from attributing malware
  • Dark Matter: A CIA project that infects Apple Mac firmware
  • Highrise: An Android malware spying on SMS messages
