The CIA has a tool that injects malware into files that have been downloaded via SMB, this was revealed as evidenced by a new revelation of whistleblower WikiLeaks. The tool is called “Pandemic” and is intended for operating systems that run Windows and have a service running that offers downloadable files via SMB.
Once remote users download a file from the SMB server, the code will be replaced by malware in real time. The original file on the server remains untouched. Only the downloaded copy will be modified.
Pandemic can customize up to 20 programs with a maximum size of 800MB for a select number of remote users.
According to WikiLeaks, it is not mentioned in the documentation, but it seems technically possible to change computers that have been infected via Pandemic and to self-serve files via SMB on the local network in a Pandemic server, thus allowing the chance of performing new attacks in the network.