Recently, Wikileaks released a new installment of its Vault7 series of leaks on the CIA's hacking tools used to spy on its targets. According to the leaked documents, the Central Intelligence Agency (CIA) has malware that infects the system boot sector to hack Windows PCs.

This CIA Malware Infects System Boot Sector To Hack Windows PCs

Wikileaks today released a new wave of documents in the framework of #Vault7, the series of classified information leaks of the CIA that the portal of Julian Assange uncovered last March.

In the new installment, Wikileaks brings to light the AngelFire project, CIA malware for Windows that can load and run custom implants that alter the boot sector and install new viruses. The malware affects both the 32-bit and 64-bit versions of Windows XP and Windows 7, as well as 64-bit versions of Windows Server 2008 R2.

According to the report, AngelFire consists of five components, which work as follows:

  • Solartime: malware that modifies the boot sector, so that when Windows loads the drivers for the boot devices, it also loads and runs the Wolfcreek implant.
  • Wolfcreek: automatic load controller which, in turn, can load additional drivers and applications. According to the documents, this creates memory leaks that can potentially be detected on infected computers.
  • Keystone (formerly called MagicWand): component responsible for initiating other malicious applications. It is always disguised as C:\Windows\system32\svchost.exe and can be detected in the Windows Task Manager.
  • BadMFS: a library that implements a hidden file system created at the end of the active partition. AngelFire uses this component to store the others. All files are obfuscated and encrypted.
  • Windows Transitory File system: alternative component to BadMFS for the installation of AngelFire. In this case, instead of saving the files to a hidden file system, it uses temporary files for storage.
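A defensive check related to the BadMFS description above, as an added example that is not from the article or the leaked documents: it parses an MBR disk image, finds the active partition, and lists non-zero sectors that lie past the end of the NTFS volume, where data can sit outside any file system. It assumes an MBR disk, an NTFS active partition and 512-byte sectors; the sample image is constructed, and a hit only means unaccounted data, not AngelFire specifically.

```python
import struct

SECTOR = 512  # assumed sector size

def active_partition(mbr: bytes):
    """Return (start_lba, sector_count) of the MBR entry flagged active (0x80)."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        if entry[0] == 0x80:
            return struct.unpack_from("<II", entry, 8)
    raise ValueError("no active partition")

def ntfs_total_sectors(vbr: bytes) -> int:
    """Sector count the NTFS volume claims in its boot sector (offset 0x28)."""
    if vbr[3:11] != b"NTFS    ":
        raise ValueError("not an NTFS boot sector")
    return struct.unpack_from("<Q", vbr, 0x28)[0]

def tail_slack(image: bytes):
    """Return (slack_sectors, unexpected_lbas) for the end of the active partition."""
    start, count = active_partition(image[:SECTOR])
    vbr = image[start * SECTOR:(start + 1) * SECTOR]
    first, end = start + ntfs_total_sectors(vbr), start + count
    hits = []
    for lba in range(first, end):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        # NTFS keeps a backup copy of its boot sector past the volume: expected.
        if any(sec) and sec != vbr:
            hits.append(lba)
    return end - first, hits

def build_sample() -> bytes:
    """Constructed 80-sector image: active NTFS partition at LBA 8, 64 sectors."""
    img = bytearray(80 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 8, 64)
    img[510:512] = b"\x55\xaa"
    vbr = bytearray(SECTOR)
    vbr[3:11] = b"NTFS    "
    struct.pack_into("<Q", vbr, 0x28, 55)         # volume claims 55 sectors
    img[8 * SECTOR:9 * SECTOR] = vbr
    img[71 * SECTOR:72 * SECTOR] = vbr            # backup boot sector (normal)
    img[70 * SECTOR:70 * SECTOR + 11] = b"constructed"  # data outside the volume
    return bytes(img)

if __name__ == "__main__":
    print(tail_slack(build_sample()))
```
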

The AngelFire project joins other CIA malware for Windows that Wikileaks has already uncovered, including Grasshopper and AfterMidnight. Of course, remember that the US Central Intelligence Agency has not confirmed that the documents are real, so we cannot say for certain that the described malware was created by the agency.

At the moment, this is all the information that the Assange portal has leaked today, and it is possible that next week we will have a new release.
