WikiLeaks has published a new update in its Vault 7 series of leaks. It has released a new set of 27 documents that belong to the CIA Grasshopper Program.
Wikileaks reveals CIA Grasshopper Program
This set of 27 documents is named Grasshopper. It reveals a CLI framework developed by the CIA that generates malware designed to breach Windows OS security and bypass anti-virus protection.
According to WikiLeaks, the 27 documents together form a super manual that is a secret CIA document. These documents can be accessed only by members of the agency.
What is the CIA Grasshopper Program?
These documents give CIA members enough knowledge to analyze a computer’s internal architecture and create custom malware that can bypass the computer’s security protections.
Once the study of a system is complete, Grasshopper provides a custom Windows installer program that needs to be installed on the victim’s computer.
The Grasshopper executable contains one or more exe files in the installer. The exe files work in a stack manner, one by one, in first-in, last-out order. The basic job of this malware is to persist a payload.
The custom malware designed through Grasshopper can’t be detected by any anti-virus. Even the most efficient anti-virus products, such as those from Kaspersky Lab, Symantec, and Microsoft, are not able to detect its presence.
WikiLeaks claims that the Grasshopper program is very easy to use and that the malware it generates is very persistent on a Windows computer.
Grasshopper – Copied from a Russian Hacker’s program
WikiLeaks also says that the Grasshopper program is based on a tool used by cyber criminals across the world. The CIA took that hacking tool and modified it for its own purposes.
The tool most widely suspected of having been copied is a Russian malware called Carberp. According to a statement in the official document: “The persistence method and parts of the installer were taken and modified to fit our needs, A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified.”
WikiLeaks has not made clear how much the tool was used, but it was used from 2012 to 2015.
So far, WikiLeaks has released many documents in the same series. They are:
- Year Zero
- CIA hacking exploits
- Dark Matter