CIA Malware Can Steal SSH Credentials, Session Traffic

LASER_oneXM

...some quotes from the article:

WikiLeaks dumped today the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH credentials from Windows and Linux systems, respectively.

Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.

BothanSpy targets Windows
The first — BothanSpy — was designed for Windows computers. According to a 12-page manual dated in March 2015, the malware will hook into the process of Xshell, a Windows SSH client.
[...]
Gyrfalcon targets Linux
The second — Gyrfalcon — is an implant for Linux systems. According to a 27-page manual dated in November 2013, this malware can target distros such as RHEL, Ubuntu, Suse, Debian, and CentOS.
[...]
They got SSH, IPsec and everything in between. The only thing they can't break into is OpenVPN. Make sure you use a VPN that uses OpenVPN.