Wikileaks Posts CIA's Imperial Hacking Tools Targeting OS X And Linux
Image Source: Flickr (Tony Webster)
The first of the three tools is Achilles. According to its documentation, it gives an operator the ability to infect a target's OS X disk image (.dmg) with a Trojan. The infected image behaves like the original, except that additional software is installed without the target's knowledge. Once that software is installed, Achilles removes all traces of itself, which makes it very hard to detect after the fact.
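The only reliable defence against a disk image that "behaves like the original" is to check the image itself rather than what it does when opened. The shell script below is an added example for this article, not code from the leaked documents or from any CIA tool: it verifies a downloaded image against a publisher-supplied SHA-256 hash, and shows that a copy with extra bytes appended (standing in for a trojaned image) fails the check. The files, the name `Example.dmg` and the "implant" payload are all constructed for the demonstration; no real disk image is involved. The check only helps if the expected hash came from somewhere other than the download channel that delivered the image.

```shell
#!/bin/sh
# Added example for this article (not from the leaked documentation).
# Verify a downloaded disk image against a publisher-supplied SHA-256 hash
# before mounting it. A trojaned image can mimic the original's behaviour
# at runtime, but it cannot have the same hash, so the check catches it as
# long as the expected hash was obtained out of band.

set -u

# SHA-256 of a file, working with GNU coreutils (sha256sum) and macOS (shasum).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_dmg <image> <expected_sha256>
# Returns 0 if the image matches the expected hash, 1 otherwise
# (including when the file cannot be read). Hex case is normalized.
verify_dmg() {
    img=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 1; }
    actual=$(file_sha256 "$img")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $img matches the published hash"
        return 0
    fi
    echo "MISMATCH: $img" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demonstration with constructed files standing in for a real .dmg
# (hypothetical installer "Example.dmg"); the temp directory is left in
# place so the files can be inspected afterwards.
demo_dir=$(mktemp -d)
printf 'original installer payload\n' > "$demo_dir/Example.dmg"
published=$(file_sha256 "$demo_dir/Example.dmg")   # what the vendor would publish

# A trojaned copy: same name, extra bytes appended (stand-in for a dropper).
cp "$demo_dir/Example.dmg" "$demo_dir/Example-trojaned.dmg"
printf 'implant\n' >> "$demo_dir/Example-trojaned.dmg"

verify_dmg "$demo_dir/Example.dmg" "$published" || :            # OK
verify_dmg "$demo_dir/Example-trojaned.dmg" "$published" || :   # MISMATCH
```

On a current macOS system the hash check is complemented by Gatekeeper and `codesign --verify` on the application inside the image; the OS X 10.6 target named in the Achilles document predates Gatekeeper, so a trojaned image would have faced no signature check at all on that platform.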
It has been several years since Achilles, or at least version 1.0 of it, was in use. The document is dated July 15, 2011 and says the tool was tested on OS X 10.6 (Snow Leopard). There have been six major releases since Snow Leopard, the latest of which is branded macOS rather than OS X.
Next on the list (going alphabetically) is Aeris. This one targets Linux and other Unix-like systems with a set of Python utilities and binaries. The documentation is nine pages long and gets fairly technical in places. Named after a Final Fantasy character, Aeris is essentially a backdoor written in C. It includes functions for exfiltrating data and can be used to build customized implants for Debian, CentOS, Red Hat, FreeBSD, and Solaris; despite the Linux billing, the last two are not Linux distributions but other Unix-like operating systems.
The last of the three tools in the dump is SeaPea, an OS X rootkit disguised as an iTunes component. It provides stealth and tool-launching capabilities and can hide files, directories, socket connections, and processes. Rootkits are especially nasty because they sink their hooks deep within the OS, which makes them difficult both to detect and to remove: once a kernel rootkit controls what the system reports, the output of tools running on the live machine (such as ls, ps, or netstat) can no longer be trusted, and detection generally relies on comparing views from different layers or on examining the disk from a trusted boot.
It is not clear whether the CIA is using newer versions of these tools or has abandoned them altogether.