The files this time focusing on flaws in Microsoft’s Windows operating system. WikiLeaks: New files show how CIA hides malware on Windows computers

WikiLeaks on Friday released more files that it says reveal the CIA’s efforts to hack consumer electronics — this time focusing on flaws in Microsoft’s Windows operating system.

The new batch of 27 documents includes alleged manuals for the spy agency’s Grasshopper program, which WikiLeaks says the CIA uses to build Windows malware. The online activist group had previously released files March 23 on the CIA's hacking of Apple Macs and iPhones, and March 31 on the agency's tools for thwarting investigators and antivirus programs.


Most of the documents describe how the CIA builds “persistence modules,” software that lets malware survive on a target machine despite reboots, reinstallations and other attempts to wipe the system clean.

One alleged persistence module, “Stolen Goods,” uses code from the Carberp malware tool, which is believed to come from Russia’s criminal hacker underground.

Some of the other modules — with code names like “Wheat,” “Crab” and “Buffalo” — smuggle malware onto a system and preserve it using Windows components like drivers and executable files. Another module, “Netman,” piggybacks on Windows’ network connection system.

WikiLeaks said its release of the files offered “directions for those seeking to defend their systems to identify any existing compromise.”