WikiLeaks: CIA Caught Planting Malicious Software In Windows – Codename ‘Angelfire’

WikiLeaks Angelfire release reveals CIA placed malicious implants in Windows

All Windows machines have been infiltrated by the CIA under a project codenamed ‘Angelfire’ – allowing the U.S. government to load malicious programs onto a persons computer without their knowledge.

The latest release from WikiLeaks’ Vault 7 series reveals CIA documents that detail an implant that can allow Windows machines to create undetectable libraries.

‘Angelfire’ consists of five elements – ‘Solartime,’‘Wolfcreek,’ ‘Keystone,’ ‘BadMFS,’ and the ‘Windows Transitory File system.’

Rt.com reports: ‘Solartime’ modifies the partition boot sector of Windows XP or Windows 7 machines when installed, allowing the ‘Wolfcreek’ implant to load and execute. ‘Wolfcreek’ can then load and execute other ‘Angelfire’ implants.

Previously known as ‘MagicWand,’ ‘Keystone’ loads malicious user applications on the machine which never touch the file system, leaving “very little forensic evidence that the process ever ran” according to WikiLeaks.

‘BadMFS’ is described as a library which stores all drivers and implants that ‘Wolfcreek’ can activate. In some versions it can be detected, but in most it’s encrypted and obfuscated, making it undetectable to string or PE header scanning, used to detect malware.

‘Windows Transitory File system’ is used to install ‘AngelFire,’ according to the release, allowing the addition or removal of files from it.

WikiLeaks says the leaked ‘Vault 7’ documents came from within the CIA, which has in turn refused to confirm their authenticity. Previous releases include details on CIA hacking tools used to weaponize mobile phones, compromize smart TVs and the ability to trojan the Apple OS.

  • Ron Wheeler

    What does the leading Anti-virus companies say or address this security issue? Or are they a part of this?