One In The Chamber, One In The Socket Mac OS

June 04 2021

Today, WikiLeaks published more documents from its Vault 7 CIA exposé series, revealing new manuals for three tools named Achilles, Aeris, and SeaPea, all part of a larger CIA project named Imperial.

Each of the three tools serves a different purpose and was developed to target a specific set of operating systems.

Achilles

The first of these tools, Achilles, is a utility for trojanizing macOS DMG installers.

According to a one-page user guide released by WikiLeaks, Achilles allows an operator to bind an executable to a DMG file for a one-time execution.

Running the DMG file installs the original app, installs the payload, and then removes the payload from the DMG file. A one-time execution routine of this kind is typical of US cyber-intelligence, which is known to put a lot of effort into remaining undetected on targeted machines.

Aeris

The second CIA hacking tool manual released today is for a tool called Aeris, which is an implant (malware) for POSIX systems.

According to the document, Aeris is written in C and can work on the following operating systems:

Debian Linux 7 (i386)
Debian Linux 7 (amd64)
Debian Linux 7 (ARM)
Red Hat Enterprise Linux 6 (i386)
Red Hat Enterprise Linux 6 (amd64)
Solaris 11 (i386)
Solaris 11 (SPARC)
FreeBSD 8 (i386)
FreeBSD 8 (amd64)
CentOS 5.3 (i386)
CentOS 5.7 (i386)

Under the hood, Aeris includes features typical of data exfiltration utilities, which are used to steal information from targeted hosts over TLS-encrypted channels.

The Aeris manual doesn't describe how the data is collected, which most likely means it's part of a larger attack chain: CIA operators must use other tools to compromise systems and identify the desired data, then deploy Aeris, and only then exfiltrate the collected information.

SeaPea

The third and final manual released today is for an OS X rootkit named SeaPea. This tool's manual was previously released in another WikiLeaks CIA dump named DarkSeaSkies, a collection of tools for hacking Macs and iPhones, released in March.

To review, SeaPea provides CIA operators with a kernel-level implant that allows infections on OS X systems to persist across reboots.

Additional capabilities include the ability to hide files or directories, open socket connections, or launch desired (malicious?) processes.

The SeaPea manual is old, dated to the summer of 2011, and lists two very old OS X versions as 'tested operating systems': Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

Today's dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks 'Vault 7' dumps:

• Weeping Angel - tool to hack Samsung smart TVs
• Fine Dining - a collection of fake, malware-laced apps
• Grasshopper - a builder for Windows malware
• DarkSeaSkies - tools for hacking iPhones and Macs
• Scribble - beaconing system for Office documents
• Archimedes - a tool for performing MitM attacks
• AfterMidnight and Assassin - malware frameworks for Windows
• Athena - a malware framework co-developed with a US company
• Pandemic - a tool for replacing legitimate files with malware
• CherryBlossom - a tool for hacking SOHO WiFi routers
• Brutal Kangaroo - a tool for hacking air-gapped networks
• ELSA - malware for geo-tracking Windows users
• OutlawCountry - CIA tool for hacking Linux systems
• BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
• HighRise - Android app for intercepting & redirecting SMS data
