CIA’s Grasshopper Windows Hacking Framework Revealed

Trending website WikiLeaks today April 7th, 2017, released new 27 documents of vault 7 series of leaked documents, which belonged to US Central Intelligence Agency (CIA).

The Framework named Grasshopper was built by CIA to make customized malware, payloads to bypass the antivirus and hack into Windows operating system.

According to WikiLeaks, the Grasshopper framework helps the user to make custom malware, depending upon the technical details of the victim’s system.

Grasshopper Framework is designed in such a way that it allows tools to be installed and modified using extensions. Grasshopper is no less than a Rat because it also helps users to maintain persistence over the malware affected systems.

It also puts certain attention on Personal Security Products avoidance, so that it remain undetectable by such products like “Symantec Endpoint” or “Kaspersky IS” on the victim’s machine.

Grasshopper used Stolen Russian Malware

“One of the persistence mechanisms used by the CIA here is ‘Stolen Goods’ – whose “components were taken from malware known as Carberp, a suspected Russian organized crime rootkit.” Confirming the recycling of malware found on the Internet by the CIA.” WikiLeaks said in the press release.

WikiLeaks also says that the malware was used by CIA in between 2012 and 2015. Anyhow there is no information about any recent usage of the malware.

WikiLeaks also released Dark Matter and Marble Framework in the month of March on 23rd and 31st respectively.

The Vault 7 “DarkĀ Matter” release was containing documentation of the malware used in the CIA projects which were used to infect Apple Mac firmware. Which results in a permanently infected Mac because the firmware was being infected the re-installation can’t help to get rid of that malware, It should how they can gainĀ persistence over Apple devices using the malware.

Whereas The Vault 7 “Marble Framework” release was containing 676 source code files of the CIA’s anti-forensic Marble Framework. which means there will be no traces of the hack, and CIA could remain anonymous.