WikiLeaks drops new CIA tools, BothanSpy and Gyrfalcon <\/p>\n
WikiLeaks latest Vault7 offering includes two CIA hacking tools, BothanSpy and Gyrfalcon 2.0, which can swipe SSH credentials. <\/p>\n
BothanSpy and Gyrfalcon target the Windows and Linux operating systems, respectively, reported Bleeping Computer. <\/p>\n
According to the BothanSpy user manual, posted by Wikileaks and dating from 2015, this malware will is a tool that targets the SSH client program Xshell and steals user credentials for all active SSH sessions. BothanSpy will exfiltrate the stolen credentials through the Fire and Collect (F&C) channel and out to disk on the attacker-side. By using F&C, BothanSpy never touches disk. <\/p>\n
The even older Gyrfalcon manual states The application compresses, encrypts, and stores the collected data into a collection file kept on the Linux platform's file system. Gyrfalcon is capable of collecting full or partial OpenSSH session traffic including user name and passwords of OpenSSH users. <\/p>\n
Bleeping Computer noted that WikiLeaks has previously released 13 pieces of malware the hacktivist group claims has been pulled from the CIA. <\/p>\n
<\/p>\n