CouchPotato
WikiLeaks has exposed a CIA tool that remotely captures images from live video streams. While there is no specific documentation of how the CIA is able to hack the machine remotely, it could be assumed that the CIA uses the tool together with other malware. The tool can not only capture images but also save the video as AVI, and it can capture with or without audio.
“Today, August 10th 2017, WikiLeaks publishes the User Guide for the CouchPotato project of the CIA. CouchPotato is a remote tool for collection against RTSP/H.264 video streams. It provides the ability to collect either the stream as a video file (AVI) or capture still images (JPG) of frames from the stream that are of significant change from a previously captured frame. It utilizes ffmpeg for video and image encoding and decoding as well as RTSP connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader.”
The tool named CouchPotato “can leak memory and also leave file handles open.” The User Guide also recommends setting an expiration period for the tool so that, when this period has elapsed, “CouchPotato will exit…” It adds, “This is a highly recommended option when collecting video.”
“It is highly recommended to not launch out of a process that is critical to system stability such as services.exe”