Vault 7: The CIA weaponized these popular programs to spy on people
Two days ago, WikiLeaks unleashed a treasure trove of data relating to the CIA's supposed arsenal of hacking tools. Code-named Vault 7, the "Year Zero" cache contains over 8,500 documents and files, and is, according to WikiLeaks, just the first batch. More content will be leaked over time.
While we know that the CIA’s zero day weapons could be used to exploit iPhones, Android devices, Windows PCs and even Samsung TVs, one of the hacking tools is particularly interesting.
Named "Fine Dining", and developed by the OSB (Operational Support Branch), in the CIA's Center for Cyber Intelligence, it is a collection of malware-laced applications that could be used to spy on a target system. In all cases bar one (U3 Software, which had a Trojan as its execution vector) the OSB used DLL Hijacking to inject the malicious code into the application.
Once run (many of the weaponized apps are portable, and designed to run from a USB memory stick), the decoy app executed malicious code, and could steal information without the user knowing. "Fine Dining" allows for the decoy app to be fully customized depending on what is required.
An agent will need to install and run the malicious app on the target PC for it to gather data. It's important to note the standard programs -- which you might use on a daily basis -- are safe so you don't need to worry they are spying on you
The list of allegedly weaponized applications includes:
- VLC Player Portable
- Chrome Portable
- Firefox Portable
- Opera Portable
- ClamWin Portable
- Kaspersky TDSS Killer Portable
- McAfee Stinger Portable
- Sophos Virus Removal
- Opera Mail
- Thunderbird Portable
- Foxit Reader
- LibreOffice Portable
- Babel Pad
- Iperius Backup
- Sandisk Secure Access
- U3 Software
- 7-Zip Portable
- Portable Linux CMD Prompt
The latest version of Notepad++, which is included in the list, patches the DLL hijack security issue that was detailed on the WikiLeaks page. No doubt other software developers will be updating their products in light of the leak in the near future.