Cheat sheets

CIA ‘Pandemic’ tool injects malware into SMB downloaded files

Share this with people that should know this:

The CIA has a tool that injects malware into files that have been downloaded via SMB, this was revealed as evidenced by a new revelation of whistleblower WikiLeaks. The tool is called “Pandemic” and is intended for operating systems that run Windows and have a service running that offers downloadable files via SMB.

Once remote users download a file from the SMB server, the code will be replaced by malware in real time. The original file on the server remains untouched. Only the downloaded copy will be modified.

Pandemic can customize up to 20 programs with a maximum size of 800MB for a select number of remote users.

According to WikiLeaks, it is not mentioned in the documentation, but it seems technically possible to change computers that have been infected via Pandemic and to self-serve files via SMB on the local network in a Pandemic server, thus allowing the chance of performing new attacks in the network.

Share this with people that should know this: