WikiLeaks latest CIA dump focuses on malware for Windows

Agents could use 'Grasshopper' to custom build malware for a target's computer setup.

the-lightwriter via Getty Images

As WikiLeaks continues to extend the mileage from its "Vault 7 cache" of CIA information, its latest release focuses on tools it says the agency uses for hacking Windows computers. While its release didn't include any source code, manuals described a "Grasshopper" tool used to create custom malware setups depending on the target intended. As CSO Magazine explains, it used some elements from the Carberp financial malware that leaked onto the internet in 2013. The CIA's Advanced Engineering Division and Remote Development Branch allegedly modified that malware, while the Grasshopper setup allows them to customize its ability to persist on the victim's computer, reinstall itself and evade antivirus scans.

Documents dated 2014 list what antivirus products and configurations Grasshopper could bypass on Windows XP, 7 and 8.1 systems, with varying levels of success. According to Ars Technica, however, this release isn't as damaging as last week's drop, which exposed some of the ways CIA developers hide any signs that could tie an attack to their agency.