A new Trojan prevents PowerPoint users from working

19 May 2017, 16:47 | Technologies 
Photo from InternetUA

As part of the publication of the CIA archive, Wikileaks published descriptions of the hacking tools AfterMidnight and Assassin. Despite their simplicity and seemingly innocuous nature, both represent a serious threat.

Midnight Gremlins.

Within the framework of its Vault 7 campaign, Wikileaks published two more hacking tools created by the CIA - AfterMidnight and Assassin. Both represent a serious threat, although they are quite simple in nature. In addition to the tools themselves, their documentation was also published.

The AfterMidnight framework, according to its description, was created not so much to cause harm or steal data as to cause minor inconveniences to the user. At its core, it is a backdoor that installs itself into the system as a DLL file and then starts downloading modules onto the infected computer that carry the characteristic name "Gremlins" (Gremlinware).

As befits gremlins, they start to annoy the user in various ways, destabilizing the normal operation of programs installed on the system.

The description of the malicious framework says: "A Gremlin can disrupt existing or newly started processes in several annoying ways: either delay their execution, or stop the processes, or suspend them so that the user has to shut them down manually."

The operator can specify how regularly such intervention in normal operation occurs and determine how many processes will be attacked by a "gremlin".

The documentation provides two examples of the use of "gremlins". One of them aims to make working with Microsoft PowerPoint as difficult as possible ("Because, let's admit it, PP users deserve it!" - says the description). For example, every ten minutes half of the PowerPoint resources "hang", and starting a slideshow can take 30 seconds.

The second example involves stopping browser processes (Microsoft Internet Explorer and Mozilla Firefox) every 30 seconds. This is done so that the user is less distracted by the Internet and spends more time in work applications. This has a practical purpose: the more time a user spends working, the more data the spyware can collect. It should be noted here that, in addition to the "dirty gremlins", AfterMidnight can also download another type of "gremlin" onto the system - those that steal data.

There is also a third type of "gremlin": its task is to keep the other two types functioning.

Silent killer.

The second malicious framework, Assassin, is very similar to AfterMidnight, but its ultimate goal is to install a backdoor on the victim's computer and exfiltrate data from it.

Assassin includes a malicious compiler, an implant, a command server, and a "listening post" - a module that acts as an intermediary between the implant and the control server.

The implant - that is, the malicious component itself - is capable of performing a number of different tasks, primarily spying. The implant is installed on the system as a Windows service.

Where it comes from.

In its publication, Wikileaks states that this malware and its documentation were obtained from hackers and informants - apparently from within the intelligence services themselves. Since March 7, 2017, all Wikileaks publications to date have been devoted to the CIA hacking toolkit.

"It cannot be ruled out that the so-called leaks of 'secret instruments' are in fact a way to break them in under real conditions," says Dmitry Gvozdev, CEO of Monitor Security. "It is impossible to state this unequivocally, but in theory these leaks may well serve to probe the cyber environment and study the reaction of the other opposing sides to the emergence of new instruments. On a practical level, such leaks always lead to the same consequences: the new hacker tools are instantly picked up by the most common cybercriminals, motivated only by the possibility of easy earnings."

Source: InternetUA