WikiLeaks has been revealing the malicious tools of the CIA and NSA. Recently, it revealed a few creepy tools through which the United States Central Intelligence Agency (CIA) steals credentials from Windows and Linux PCs.

WikiLeaks Unveils CIA Tool That Steals Credentials From Windows & Linux PCs

A lot of time has passed since WikiLeaks announced Vault7, the biggest leak in history of alleged confidential CIA documents describing all kinds of the agency's hacking tools.

However, the Vault7 series of leaks seems endless. WikiLeaks has already made public the tools used by the Central Intelligence Agency (CIA) to hack WiFi routers, Microsoft Windows computers, Apple devices and Samsung televisions, among other devices.

Four months after that initial publication, WikiLeaks continues to release a steady trickle every week. Previous releases have shown malware to hack Linux computers or computers with different versions of Windows.

While virtually everything WikiLeaks has uncovered from the CIA has to do with malware for Windows computers, it is especially noteworthy that Outlaw Country is the first tool explicitly intended for Linux, which as we all know is much safer than other operating systems and patches its vulnerabilities much faster.

This time, the portal shows us BothanSpy and Gyrfalcon, the tools used by the CIA (Central Intelligence Agency) to steal the passwords used to access servers or websites over SSH.

SSH stands for Secure Shell, a protocol that provides secure access and exchange of commands or files between a client (a user or a computer) and a remote machine (a server).

According to a WikiLeaks statement, BothanSpy is an implant that targets the SSH client program Xshell on Windows and is installed as a Shellterm 3.x extension on the target machine. This malicious software can steal user credentials from all active sessions.

According to the report, this malware can send the stolen credentials to a server controlled by the US Central Intelligence Agency (CIA), or save them in an encrypted file for later transmission by other means.

The second tool leaked today by WikiLeaks is Gyrfalcon, an implant that targets the OpenSSH client on Linux platforms (CentOS, Debian, RHEL, SUSE, Ubuntu) and is installed on the target machine by means of a rootkit.

It can not only steal user credentials from active SSH sessions but also log full or partial session traffic. All the information collected is stored in an encrypted file for later exfiltration.

So, what do you think about this? Simply share your views and thoughts in the comment section below.
