The CIA’s Aeris Malware Can Exfiltrate Data From Linux Systems

Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implement which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

Aeris Malware Likes to Infiltrate Linux Servers and Systems

Even though most technology experts consider Linux to be the most secure operating system, that is not entirely accurate. Over the past few months, we have seen multiple malware types targetting the Linux OS, either to install cryptocurrency mining software or to exfiltrate important data. Never one to sit on the sidelines, the CIA has built its own set of tools to infiltrate Linux servers around the world. One of these is Aeris, a disruptive type of malware capable of affecting popular Linux distros.

Aeris can infiltrate systems running Debian Linux 7, Red Hat Enterprise Linux 6, Solaris 11, FreeBSD 8 and seniors 5.3 and 5.7. That is a large list, considering that a lot of those Linux flavors are very common. Aeris can successfully infiltrate all of these systems and does its work unabated. Its tools include a way to snoop on encrypted communication, hook into SMTP communication, and exfiltrate files automatically.

It is not the first time we have come across CIA malware, and the Wikileaks team has done an outstanding job of keeping tabs on all of these discoveries. The agency has developed many versions of malware to serve the same purpose. No operating system in the world is safe from CIA infiltration these days, even though some of its tools are no longer usable by the look of things. It is unclear whether Aeris is still an active threat, but it seems plausible to assume that could be the case.

Hacking tools are often developed by intelligence agencies as ways to keep the world safe from threats. However, these tools can also be used for less legitimate purposes such as stealing information from consumers and corporations alike. It is impossible to tell whether the CIA ever deployed this malware, and if so, who its target or targets were. There was some abuse of this tool along the way, as no one can resist the temptation of having the world’s information in the palm of their hand.

The leaked Aeris manual does not contain any specific information on how the tool collects data. It is possible this is just one tool in a multi-pronged attack plan by the CIA, although that has yet to be officially confirmed. If CIA operators have, in fact, combined multiple hacking tools to infiltrate servers and obtain sensitive information, WikiLeaks may have yet to unveil the bigger “tools” developed by the agency. 

The CIA — an intelligence agency tasked with keeping the U.S. safe — may have abused its power on multiple occasions. Spying during the Cold War is very different from snooping in this day and age of digitization. Tools such as Aeris can go a long way in collecting valuable information on threats to national security while remaining hidden in the dark corners of the internet. At this rate, it is almost frightening to think of what WikiLeaks may uncover next.