Julian Assange's WikiLeaks website has released the source code for what it says is a malware obfuscation tool used by the CIA, as part of its Vault 7 information leaks.
According to the documentation for the Marble Framework published by WikiLeaks, it is "designed to allow for flexible and easy-to-use obfuscation when developing tools".
The obfuscation is done to avoid anyone attributing the malware to the CIA.
"When signaturing tools, string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop," the documation states.
Announcing the release of the Marble data, WikiLeaks claimed "thousands of CIA viruses and hacking attacks can now be attributed".
The tool is implemented as a C programming language header file with functions, declarations and macro definitions, which is included with the source code for malware projects.
Obfuscation of strings and data in malware can be done using the Marble algorithms, which can be randomly selected by the tool.
The CIA suite also includes a de-obfuscator that restores scrambled files to their original, clean states.
Marble tools such as Warble can add languages such as Arabic, Russian, Chinese, Korean and Farsi to the malware, as part of the agency's anti-forensic effort.
Some 676 source code files for Project Marble were published by WikiLeaks along with the documentation for the tool.
The documentation for the Marble Framework is marked as SECRET/NOFORN, the second highest security classification used by the CIA, which prohibits access by foreign nationals.
CIA has not confirmed the authenticity of the leaked Vault 7 materials.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
