"Today, April 7th 2017, WikiLeaks releases Vault 7 "Grasshopper" — 27 documents from the CIA's Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems," the Wikileaks press release read.
RELEASE: CIA malware for Windows "Grasshopper" — which includes its own language https://t.co/cuNOq3lH4N pic.twitter.com/VEgd8YhyGY
— WikiLeaks (@wikileaks) 7 апреля 2017 г.
According to the whistleblower site, Grasshopper may be used by CIA to determine whether the operating system is being protected by a certain anti-virus or what version of Windows it is operating on.
"Grasshopper is provided with a variety of modules that can be used by a CIA operator as blocks to construct a customized implant that will behave differently, for example maintaining persistence on the computer differently, depending on what particular features or capabilities are selected in the process of building the bundle. Additionally, Grasshopper provides a very flexible language to define rules that are used to 'perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration'."
The program allows to create tools that go undetected by major anti-viruses.
The Wikileaks added that the Grasshopper batch sheds lights on "the process of building modern espionage tools and insights into how the CIA maintains persistence over infected Microsoft Windows computers, providing directions for those seeking to defend their systems to identify any existing compromise."
The "Year Zero" batch was followed by the "Dark Matter" released on Match 23. The third batch called "Marble" was released on March 31.
The White House has condemned the leaks, stressing that those responsible for leaking classified information should be held accountable in accordance with the law.
