CIA hacking tool exposes myth of "safe" Mac and Linux computers

WikiLeaks today revealed 3 new hacking tools built by the CIA that target Mac and Linux computers. The leaked hacking tools are supposedly related to the CIA’s so-called Imperial project.

The first hacking tool, called Achilles, is probably the most interesting of the three. Achilles can be used by CIA operators to essentially pack malicious applications with an actual macOS app (.dmg) for one-time execution. Once a user installs the infected file, the malicious app runs in the background without the user noticing its execution, and it also self-destructs, leaving the actual application looking untouched. The first version of Achilles was built back in 2011 and tested only on macOS Snow Leopard (10.6).

The second and third tools are known as SeaPea and Aeris, respectively. SeaPea can be used by CIA operators to get low-level access to a Mac without the user even realizing it, and the only way to completely get rid of the tool is for the user to completely format their main drive. Like Achilles, SeaPea was developed in 2011; it was tested on macOS Snow Leopard (10.6) and Lion (10.7). Aeris, on the other hand, is apparently built to backdoor Linux and affects Debian, CentOS, and Red Hat.

With recent ransomware attacks like WannaCry hunting Windows users, especially businesses still running outdated versions of Windows, the latest revelations from WikiLeaks once again prove that there really isn’t any OS secure from all these types of attacks. For all we know, the CIA could have been using any of these tools to spy on Mac and Linux users.