ShadowBrokers release UNITEDRAKE NSA malware

Promise two data dumps a month.

The ShadowBrokers group of hackers has released a remote access and control tool used by the US NSA to capture information from Windows-based machines.

UNITEDRAKE schematic.

The existence of the UNITEDRAKE RAT first came to light in 2014 as part of a series of classified documents leaked by former NSA contractor Edward Snowden.

UNITEDRAKE is modular malware [pdf] that runs on Microsoft Windows XP, Vista, 7, 8 and up to Windows Server 2012. Clients planted on target machines send information to a server over the internet.

By using plugins, the malware can capture webcam and microphone output, log keystrokes, access external drives and more for surveillance purposes.

Documents leaked by Snowden suggested it was used by the NSA alongside other pieces of malware to infect millions of computers around the world.

ShadowBrokers appeared on the scene last year, claiming to have ransacked the NSA's exploitation tools store.

Security experts have confirmed the tools leaked by the ShadowBrokers are authentic. One of the group's leaked NSA exploits - ETERNALBLUE - was used to develop the WannaCry ransomware that rampaged through global systems earlier this year.

New release cycle

The ShadowBrokers have rejigged their release cycle to publish two data dumps a month.

The group is also now seeking payment in the cryptocurrency Zcash, which emphasises transaction privacy, rather than Monero, which uses cleartext email for delivery.

The hackers are asking 500 Zcash for the new NSA malware files. Zcash currently trades at US$248 (A$309.50) per unit.

The group has lined up a further five NSA data dumps and is asking as much as 16,000 Zcash for the November 15 files.

Copyright © iTnews.com.au . All rights reserved.