Hop on the grass

A CLI-based framework named Grasshopper has been built by the CIA to enable building "customized malware" payloads to break into Microsoft's Windows operating system, even bypassing antivirus software. The leaked documents appear to be a user manual for spies, to be accessed only by members of the agency.

As per the documents, the framework enables agency members to easily create malware depending on the operating system and antivirus installed on the target machine. The Grasshopper framework then puts together several components that are sufficient to hack the target machine and delivers a Windows installer when done. The agency members can then run the installer on the target machine to install their own customized malware payloads.

WikiLeaks claimed that the toolset was designed to go undetected even by the world's top antivirus products. It has also claimed that the CIA created the Grasshopper framework as a modern cyber-espionage solution, not only to be as easy to use as possible but also "to maintain persistence over infected Microsoft Windows computers."

More details

One of the persistence mechanisms linked to Grasshopper is called Stolen Goods, which demonstrates how the CIA adapted malware developed by cyber criminals across the globe and modified it for its own use. One such piece of malware is Carberp, developed by Russian hackers.

Whether and how the CIA used these tools is unclear, however, with WikiLeaks saying these tools were used between 2012 and 2015.

So far, WikiLeaks has revealed the "Year Zero" batch, which uncovered CIA hacking exploits for popular hardware and software; the "Dark Matter" batch, which focused on exploits and hacking techniques the agency designed to target iPhones and Macs; and the third batch, called "Marble", which revealed the source code of a secret framework designed to be anti-forensic: basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.