WikiLeaks: CIA used ‘Grasshopper’ framework to infect Windows users

The Central Intelligence Agency (CIA) targets Windows users via a framework called Grasshopper that it uses to customize and execute malware, according to 27 documents published by WikiLeaks in the latest installment of its Vault7 leaks.

The agency can use custom installers tailored to the version of Windows and the antivirus software a user is running. The documents also detail persistence mechanisms, the tools that malware uses to evade detection. In one mechanism, Stolen Goods, the CIA uses Carberp, financial malware that first appeared in 2013.

The documents indicate that the agency made modifications to Carberp and then used Grasshopper to tailor it to victims' computers, where it persists by evading AV scans and reinstalling itself.
