The latest Wikileaks docs reveal the files pertain mostly to Grasshopper, a framework used to build custom installation executables, and the agency’s use of the Carberp malware in its Stolen Goods persistence mechanism. This leak puts the spotlight on another of the CIA’s internal tools and on how it repurposes public malware to suit its own purposes.
Grasshopper’s user guide explains that it was used to build and execute custom malware. Operators could use various installers, target devices based on what version of Windows they use or what antivirus software is installed, and decide if the malware should create a log file when it’s run.
You can find out more about Grasshopper and Stolen Goods in WikiLeaks’ latest release from the Vault 7 trove. The organization previously revealed how the CIA tries to work around end-to-end encrypted communications tools, bypasses Windows antivirus software, and considers the possibility of assassination via remote car hack.
[Source]
