Vault 7: The CIA weaponized these popular programs to spy on people

By Wayne Williams
Published 8 years ago

cia-vault-7

Two days ago, WikiLeaks unleashed a treasure trove of data relating to the CIA's supposed arsenal of hacking tools. Code-named Vault 7, the "Year Zero" cache contains over 8,500 documents and files, and is, according to WikiLeaks, just the first batch. More content will be leaked over time.

While we know that the CIA’s zero day weapons could be used to exploit iPhones, Android devices, Windows PCs and even Samsung TVs, one of the hacking tools is particularly interesting.

Named "Fine Dining", and developed by the OSB (Operational Support Branch), in the CIA's Center for Cyber Intelligence, it is a collection of malware-laced applications that could be used to spy on a target system. In all cases bar one (U3 Software, which had a Trojan as its execution vector) the OSB used DLL Hijacking to inject the malicious code into the application.

Once run (many of the weaponized apps are portable, and designed to run from a USB memory stick), the decoy app executed malicious code, and could steal information without the user knowing. "Fine Dining" allows for the decoy app to be fully customized depending on what is required.

An agent will need to install and run the malicious app on the target PC for it to gather data. It's important to note the standard programs -- which you might use on a daily basis -- are safe so you don't need to worry they are spying on you

The list of allegedly weaponized applications includes:

VLC Player Portable
IrfanView
Notepad++
Skype
Chrome Portable
Firefox Portable
Opera Portable
ClamWin Portable
Kaspersky TDSS Killer Portable
McAfee Stinger Portable
Sophos Virus Removal
Opera Mail
Thunderbird Portable
Foxit Reader
LibreOffice Portable
Prezi
Babel Pad
Iperius Backup
Sandisk Secure Access
U3 Software
2048
LBreakout2
7-Zip Portable
Portable Linux CMD Prompt

The latest version of Notepad++, which is included in the list, patches the DLL hijack security issue that was detailed on the WikiLeaks page. No doubt other software developers will be updating their products in light of the leak in the near future.

11 Comments

Vault 7: The CIA weaponized these popular programs to spy on people

11 Responses to Vault 7: The CIA weaponized these popular programs to spy on people

Recent Headlines

Businesses taking longer to recover from cyber incidents

Corsair introduces K65 Plus Wireless keyboard and M75 Wireless mouse in new Mac-friendly colors

The future of facilities management software [Q&A]

Tiny11core maker updated to support Windows 11 24H2

Linux 6.12 officially released

Pornhub traffic reveals the naked truth behind Trump’s 2024 election victory

McAfee reports rise in AI scams and deepfake threats for holiday shoppers

Most Commented Stories

What happens to Linux when Linus Torvalds dies?

Windows 10: Microsoft reveals how much you'll need to pay to keep receiving updates

Bluesky thinking -- why left-wingers are leaving X and why X will get over it

Bring your Windows 10 and 11 desktops to life with the amazing (and free!) Sucrose -- download it now

The Guardian’s exit from Elon Musk’s X shows a lack of journalistic courage

Unnecessary replacement of hardware leads to higher costs and growing waste problem

Tech leaders congratulate Donald Trump on 2024 election victory

Belkin launches Connect USB-C 11-in-1 Pro GaN Dock with 150W power