Backdoor.Athena is a backdoor Trojan usually described as a “beacon loader.” According to documents leaked by WikiLeaks, this malicious application was developed by the CIA in cooperation with Siege Technologies. The company is based in New Hampshire, U.S., and presents itself as “an advanced research and development company” that focuses on developing “offensive and defensive cyber security technologies.” Even though the technical documents related to Backdoor.Athena have become public recently, they are dated between September 2015 and February 2016, which is a clear sign that Backdoor.Athena has been active since 2015. Judging from the leaked technical documents, Backdoor.Athena is sophisticated malicious software that can infiltrate and perform activities on computers running any version of the Windows OS (from Windows XP to Windows 10).
Our team of experienced researchers could not find a working sample of Backdoor.Athena, but the research they carried out to find out more about this backdoor Trojan still revealed some information about it. First, they found that, interestingly, this infection consists of seven components/applications: Builder, Tasker, Parser, Listening Post, Installer, RamOnly, and OffLine. The Builder component “provides the ability to build packages for specified targets.” The Tasker “provides the ability to task a specific implant.” The Parser is responsible for decoding responses received from the target. The Listening Post interacts with the remote target. The Installer “installs the tool onto the target system.” As for RamOnly, it is used to “execute a diskless version of the implant.” Finally, the OffLine component gains full target system access if it turns out that physical access is available. As can be seen, Backdoor.Athena is sophisticated malware consisting of several different components, but that is not why we have found it quite an interesting variant of a backdoor Trojan. As has been observed, it also encompasses two unique tools: Athena-Alpha and Athena-Bravo. They differ slightly from each other; for example, they use different services. Malware analysts suspect that Backdoor.Athena does not target ordinary computer users. According to them, the United States government together with Siege Technologies may have developed it primarily to fight cybercrime. Because of this, it is not likely at all that users will ever detect it on their systems.
Backdoor.Athena is considered sophisticated malicious software not only because it has several different components and utilizes two tools with the same business logic, but also because it has been developed to work on any version of the Windows OS. On top of that, the majority of its modules have been written in three different programming languages (Python, C++, and Bash), which also shows that it is not a simple threat.
Since some technical information about Backdoor.Athena has already been provided in this report, let’s find out what it is capable of. Backdoor Trojans are usually used to gain unauthorized access to computers without their users’ knowledge. It is very likely that Backdoor.Athena is capable of doing that too. In addition, it might be used to install certain software on affected systems, and, on top of that, it might be used to collect information from these affected computers. As mentioned, it is not likely at all that Backdoor.Athena will ever be used against ordinary computer users. It is more likely that the United States government uses it to fight hackers.
As was already mentioned in this report, Backdoor.Athena does not target ordinary computer users, so do not try to find it on your system – it is not there and never will be. Our specialists suspect that removing Backdoor.Athena would not be an easy task because this backdoor Trojan consists of a number of components that all need to be erased from the affected system so that it cannot revive itself.