Channel: iTWire - Entertainment

Vault 7: WikiLeaks releases documents on Windows malware


WikiLeaks has released a fourth document dump from its CIA stockpile, dubbed Vault 7, with 27 documents from the Grasshopper framework - a platform used to create customised malware for Windows - being put online overnight.

The three previous dumps were on 7 March, 23 March and 31 March.

While no source code has been revealed, it is likely that the information available in these documents will make it possible for those who are targeted by the CIA to find out if any tools built using these techniques are present on their computing devices.

Grasshopper has a number of modules that a CIA operator can use to build customised implants that will, for example, persist on the machines of targets.

Additionally, the framework has a flexible language to define rules that are used to "perform a pre-installation survey of the target device, assuring that the payload will only [be] installed if the target has the right configuration".

"Through this grammar CIA operators are able to build from very simple to very complex logic used to determine, for example, if the target device is running a specific version of Microsoft Windows, or if a particular anti-virus product is running or not," a statement from WikiLeaks said.

One of the persistence mechanisms used is called "Stolen Goods" and its "components were taken from malware known as Carberp, a suspected Russian organised crime rootkit".

Carberp surfaced in 2013 and WikiLeaks said this use of code from other malware confirmed the recycling of malware found on the Internet by the CIA.

"The source of Carberp was published online, and has allowed AED/RDB to easily steal components as needed from the malware."

While the CIA claims that "[most] of Carberp was not used in Stolen Goods" they do acknowledge that "[the] persistence method, and parts of the installer, were taken and modified to fit our needs", providing a further example of reuse of portions of publicly available malware by the CIA, as observed in their analysis of leaked material from the Italian company "HackingTeam".

According to WikiLeaks publisher Julian Assange, there are many more documents to come in this dump. While its exact source has not been determined, the CIA has not denied that they are from its vaults.
