Wikileaks reveals new CIA tools to steal passwords

Four months after that initial Vault 7 release, Wikileaks continues its battle against the CIA. They continue to leak regularly. On other occasions we have seen data on malwares, recently one for hacking Linux computers. Today, they bring us two new tools called BothanSpy and Gyrfalcon.

Wikileaks reveals new CIA tools to steal passwords

These are two tools that the CIA uses or used to steal passwords from servers or websites in SSH format. For those who don't know the term, SSH stands for Secure SHell. A protocol that provides secure access and exchange of files and commands between a client and a server.

How these CIA tools work

Among the documents leaked by Wikileaks, they comment that BothanSpy is an implant that targets the SSH of the Windows client. Installs on a 3.x Shelterm extension on the target machine. It has the ability to steal user credentials from all those active sessions. Additionally, you can send the stolen keys to a Central Intelligence Agency controlled server. Or also save them in an encrypted file.

The second tool is Gryfalcon. It is an implant aimed at OpenSSH clients on Linux platforms. It is installed on the target machine using a root kit. It can both steal user credentials and log session traffic.

Two new, out of the many tools the CIA has used and continues to use to access user data. Therefore, this is just one of the many chapters that await us in the Wikileaks leaks. What do you think about these new tools?