- Jul 22, 2014
- 2,525
WikiLeaks dumped today the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH credentials from Windows and Linux systems, respectively.
Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.
BothanSpy targets Windows
The first — BothanSpy — was designed for Windows computers. According to a 12-page manual dated in March 2015, the malware will hook into the process of Xshell, a Windows SSH client.
BothanSpy will use this access to steal user credentials for all active SSH sessions. This data can be sent right away to a remote server, or stored on disk in an encrypted file.
Gryfalcon targets Linux
...
Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.
BothanSpy targets Windows
The first — BothanSpy — was designed for Windows computers. According to a 12-page manual dated in March 2015, the malware will hook into the process of Xshell, a Windows SSH client.
BothanSpy will use this access to steal user credentials for all active SSH sessions. This data can be sent right away to a remote server, or stored on disk in an encrypted file.
Gryfalcon targets Linux
...
