CIA ‘Pandemic’ tool injects malware into SMB downloaded files

The CIA has a tool that injects malware into files downloaded via SMB, according to a new revelation from whistleblower site WikiLeaks. The tool is called “Pandemic” and targets Windows machines running a service that offers downloadable files via SMB.

When a remote user downloads a file from the SMB server, its code is replaced by malware in real time. The original file on the server remains untouched; only the downloaded copy is modified.
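Because the server's own copy stays intact, inspecting files on the server does not reveal the change; the downloaded copy has to be compared against a digest obtained separately. The following is an added example, not code from WikiLeaks or the original article: it assumes a SHA-256 manifest is built from the server's local disk and reaches the client through a channel other than the SMB share, and all function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (assumed: run on the server's local disk)."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_downloads(manifest, download_root):
    """Return {relative path: 'modified' | 'missing'} for copies that do not match the manifest."""
    findings = {}
    for rel_path, expected in manifest.items():
        local = os.path.join(download_root, rel_path)
        if not os.path.isfile(local):
            findings[rel_path] = "missing"
        elif sha256_file(local) != expected:
            findings[rel_path] = "modified"
    return findings

def demo():
    """Constructed sample: one clean copy and one copy whose bytes changed after leaving the server."""
    with tempfile.TemporaryDirectory() as server, tempfile.TemporaryDirectory() as client:
        for name, data in (("setup.exe", b"MZ original installer"), ("readme.txt", b"hello")):
            with open(os.path.join(server, name), "wb") as handle:
                handle.write(data)
        manifest = build_manifest(server)
        with open(os.path.join(client, "setup.exe"), "wb") as handle:
            handle.write(b"MZ replaced payload")  # stands in for a copy altered in transit
        with open(os.path.join(client, "readme.txt"), "wb") as handle:
            handle.write(b"hello")
        return verify_downloads(manifest, client)

if __name__ == "__main__":
    print(demo())
```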

