Submitted via IRC for TheMightyBuzzard
WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.
Dubbed Athena/Hera, the spyware has been designed to take full control over infected Windows PCs remotely, allowing the agency to perform all sorts of actions on the target machine, including deleting data, uploading malicious software, and stealing data and sending it to a CIA server.
[...] According to the whistleblower organization, Athena has the ability to allow the CIA agents to modify its configuration in real time, while the implant is on target "to customize it to an operation."
"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system," WikiLeaks claims.
The leaked documents suggest that Athena, written in the Python programming language, was developed in August 2015, just a month after Microsoft released its Windows 10 operating system.
Interestingly, one document also suggests that the CIA agents have been advised to make sure that the spyware does not get caught by antivirus software, especially Kaspersky AV software.
Source: http://thehackernews.com/2017/05/athena-cia-windows-hacking.html
(Score: 2) by Zyx Abacab on Sunday May 21 2017, @06:45AM (2 children)
Have we really passed into an age in which hackers are using an interpreted language for exploits? Good lord.
Maybe it's just the wording. I mean, I guess that the payload could easily install an interpreter after it runs; and that it's the higher-level stuff that depends on Python.
But I find it really hard to believe that any system-level malware could be written entirely in Python—especially for a platform that has never bundled a Python interpreter!
(Score: 0) by Anonymous Coward on Sunday May 21 2017, @10:32AM
Why not? Most malware doesn't need to do a lot of low-level stuff. And nowadays the average PC's bandwidth and CPU power are relatively high.
In the old days a 5MB perl/python malware might be too huge, but nowadays many ad infested pages probably are close to 5MB if not larger.
I would think it's easier to do polymorphic malware in an interpreted language - could more easily automate morphing it to pass AV scans. Think of Perl's TIMTOWTDI.
(Score: 2) by darkfeline on Monday May 22 2017, @05:06PM
You're a few years late to the party. Someone who follows such communities more closely can elaborate, but I have heard of Python being used regularly for exploits at least two years ago.