WikiLeaks released its third package of CIA documents on Friday, highlighting source code used by the CIA to evade antivirus programs.
The source code is for a tool called “Marble,” a type of program known as an obfuscator or packer.
Obfuscators are principally designed to jumble the execution of malware so that programs designed to spot malware have trouble determining what it is.
The Marble toolkit includes a variety of different algorithms to accomplish that task.
In its release, WikiLeaks describes the primary purpose of Marble as being to insert foreign language text into the malware to cause malware analysts to falsely attribute code to the wrong nation.
This appears to be an inaccurate description of the primary purpose of the code, however.