
WikiLeaks Unveils CIA Tools That Steal Credentials From Windows & Linux PCs

WikiLeaks has been exposing alleged hacking tools of the CIA and NSA. Its latest release describes tools through which the United States Central Intelligence Agency (CIA) allegedly steals credentials from Windows and Linux PCs. Since WikiLeaks announced Vault 7, a series based on alleged confidential CIA documents, the agency's hacking tools have been described one after another.

WikiLeaks today published the 15th batch of its ongoing Vault 7 leak. This time it details two alleged CIA implants that the agency used to intercept and exfiltrate SSH (Secure Shell) credentials from targeted systems using different attack vectors.

Secure Shell, or SSH, is a cryptographic network protocol used for secure remote access to machines and servers over an insecure network.

The implants are dubbed BothanSpy, an implant for the Microsoft Windows Xshell client, and Gyrfalcon, which targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.
Both implants steal user credentials for all active SSH sessions and then send them to a CIA-controlled server.

BothanSpy - Implant for Windows OS


BothanSpy is installed on the target machine as a Shellterm 3.x extension and only works if Xshell is running on it with active sessions.

Xshell is a powerful terminal emulator that supports SSH, SFTP, Telnet, RLOGIN and SERIAL to deliver industry leading features including dynamic port forwarding, custom key mapping, user defined buttons, and VB scripting.
"To use BothanSpy against targets running an x64 version of Windows, the loader being used must support WOW64 injection," reads the leaked CIA user manual.
"Xshell only comes as an x86 binary, and thus BothanSpy is only compiled as x86. Shellterm 3.0 supports Wow64 injection, and Shellterm is highly recommended."

Gyrfalcon - Implant for Linux OS

Gyrfalcon targets Linux systems (32- or 64-bit kernel), using the CIA-developed JQC/KitV rootkit for persistent access.
Gyrfalcon is also able to collect full or partial OpenSSH session traffic, and stores the stolen information in an encrypted file for later exfiltration.
"The tool runs in an automated fashion. It is configured in advance, executed on the remote host and left running," reads the user manual of Gyrfalcon v1.0.
"Some time later, the operator returns and commands it to flush all of its collection to disk. The operator retrieves the archive file, decrypts it, and analyzes the collected data."
The user manual for Gyrfalcon v2.0 says that the implant consists of "two compiled binaries" that should be uploaded to the target platform along with an encrypted configuration file.
"Gyrfalcon does not provide any communication services between the local operator computer and the target platform. The operator must use a third-party application to upload these three files to the target platform."
Previous Vault 7 CIA Leaks

Last week, WikiLeaks published a classified CIA project that allowed the spy agency to hack into PCs running the Linux operating system and spy on them remotely.
Dubbed OutlawCountry, the project allows CIA hackers to redirect all outbound network traffic on the targeted machine to CIA-controlled computer systems in order to exfiltrate and infiltrate data.
Since March, the whistleblowing group has published 15 batches of the "Vault 7" series, which include the latest leak and last week's leak, along with the following batches:
  • ELSA - The alleged CIA malware that tracks the geographic location of targeted PCs and laptops running Microsoft Windows operating systems.
  • Brutal Kangaroo - A tool suite for Microsoft Windows used by the agency to target closed networks or air-gapped computer systems within an organization or enterprise without the need for any direct access.
  • Cherry Blossom - An agency framework, basically a remotely controllable firmware-based implant, used to spy on the internet activity of targeted systems by exploiting flaws in WiFi devices.
  • Pandemic - An agency project that turned Windows file servers into covert attack machines that could quietly infect other computers of interest within a targeted network.
  • Athena - A spyware framework designed by the CIA that takes full remote control of infected Windows machines, and works against every version of Windows OS, from Windows XP to Windows 10.
  • AfterMidnight and Assassin - Two alleged CIA malware frameworks for the Microsoft Windows platform, designed to monitor operations and execute malicious actions on infected remote host computers.
  • Archimedes - A Man-in-the-Middle (MitM) attack tool allegedly designed by the CIA to target computers inside a local area network (LAN).
  • Scribbles - Software allegedly designed to embed 'web beacons' into confidential documents, allowing the spy agency to track insiders and whistleblowers.
  • Grasshopper - A framework that allowed the agency to easily create custom malware for breaking into Microsoft Windows and bypassing antivirus protection.
  • Marble - Source code of a secret anti-forensic framework used by the agency to hide the original source of its malware.
  • Dark Matter - Hacking exploits the agency designed to target iPhones and Macs.
  • Weeping Angel - A spying tool used by the agency to infiltrate smart TVs, converting them into covert microphones.
  • Year Zero - CIA hacking exploits for popular hardware and software.
