CIA – New Types of Mac Malware Revealed

Today, two older pieces of CIA malware that allowed access to data on Macs without the users' knowledge were made public.

The CIA has had several types of Mac malware for years, but today WikiLeaks continued its Vault 7 series of disclosures with some of the malware used against Apple customers. This malware was developed on the basis of two exploits the CIA obtained from various sources, and it was built under a project code-named Imperial inside the intelligence agency.

The CIA used this malware to run an arbitrary application on a Mac only once, so it was apparently a vulnerability of limited usefulness. The first piece of malware developed by the CIA is named Achilles; with it, an agent can open a disk image containing files that allow an application to run a single time, all without the user knowing what is happening on the Mac.

The CIA's user guide for Achilles explains that the application carrying this malware must resemble a legitimate Mac application that the user would run. When the CIA's application is launched, it deletes the original, and the malware-carrying copy remains in its place; it was able to exploit older versions of OS X released by Apple up to 2010.


The CIA also developed a second piece of malware, named SeaPea, a rootkit for OS X that allowed the computer to be controlled secretly. SeaPea could hide files and directories, make any kind of internet connection and control various processes, giving a CIA agent access to the Mac's data without the user knowing.

The CIA used SeaPea against Macs running versions up to OS X 10.7, but it only worked if root access was available on the Mac. The malware remained active on the user's Mac until the operating system was reinstalled, or until an update deleted or modified important system files, at which point the agency lost access.

The CIA had this kind of software because it needed it to gather information, mainly from targets outside the US, but the malware was certainly used domestically as well. The CIA has never admitted the existence of this malware, nor of its malware for the iPhone or iPad, and it never will, although no one will believe that the agency does not now have other software to replace the tools whose vulnerabilities have since been fixed.
