WikiLeaks Exposes AfterMidnight and Assassin CIA Malware Tools

In a turn of events that should surprise absolutely no one, Wikileaks released some controversial information once again. Their latest disclosure revolves around malware designed by the CIA to sabotage existing user software. Two particular hacking tools are highlighted as part of this reveal, both of which are allegedly developed by the CIA.

AfterMidnight and Assassin Are Malicious Tools

The two newly disclosed types of malware will put the CIA in a very bad light. That is, of course, assuming the information provided by WikiLeaks can effectively be tied to the intelligence agency in one way or another. AfterMidnight is a new tool that can be installed on a computer in the form of a DLL file. Unfortunately, this also means this DLL will provide a system backdoor for the CIA and everyone else looking to take advantage of it.

What is even more troublesome is how this DLL will persist regardless of rebooting the computer. It also connects to a centralized command & control server over the HTTPS protocol. This draws a lot of parallels to how malicious software works when it is deployed by criminals. If this information provided by WikiLeaks is accurate, it puts the entire malware sector in a very different light.

One downside to AfterMidnight is how the tool needs a constant connection to the Internet. It comes packed with different modules, ranging from data exfiltration to changing the way local software operates. According to WikiLeaks, the malware manually includes two proper use cases for this technology, including how to prevent users from accessing the browser.

Assassin, on the other hand, does things a bit differently. This alleged CIA malware includes a builder, an implant, and a command & control server. Moreover, it is also using a listening port to route communication between the Assassin malware and the server. However, this particular malware can run as a service on the target computer.

As one would expect, the Assassin malware can then be used to execute specific tasks on said computer. It is equally possible to collect data from the infected machine, similar to how virtually all backdoor Trojans operate these days. It is evident the correlations between CIA malware and criminal malware are growing more prominent as more of this information comes to light.

It is not the first – nor the last – time WikiLeaks released information that makes US government agencies look like the real criminals. All of their Vault 7 coverage has proven to be quite juicy, and it is expected more information will come to light in the coming months. It is evident criminals are taking a very close look at what the CIA is using in terms of malware.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.