In a recent email upload made by the confidential file publisher, more than 300 malware files have been recorded.
WikiLeaks has been uploading confidential as well as controversial emails and other such resources on its portal for many years now. The confidential file publisher recently posted an email dump of communications from Turkey’s political party AKP. However, more than 300 malware samples were also found to be hosted along with the cache of leaked emails.
The discovery was made by Bulgarian security researcher Dr Vesselin Bontchev. He said that finding this out was not a difficult task at all. A simple virus and malware scan revealed that more than 300 malware samples were hosted on WikiLeaks along with the email dump they recently posted.
This shows that no processing of any kind had been done before uploading the emails. As for how the malware made their way to the website, Dr Bontchev said that it was probably because of phishing campaigns. Most of the AKP party members whose emails were leaked had been sent malicious emails either in their spam mail or via targeted attacks.
Since WikiLeaks did not process the emails at all before uploading them on their portal, the malware were transferred there as well.
Further antivirus scans provided by VirusTotal reveal that included in the malware hosted on WikiLeaks are several Windows exploits, Trojans, and Java-based malicious code. Dr Bontchev has provided a repository of all the leaked emails as well as the virus results for people to check.
This news comes as a surprise to everyone around the world. With the kind of service they provide, one would expect WikiLeaks to at least vet the emails they post on their website. The least they could do is a quick virus and malware scan before mass uploading emails.
They could also issue a warning to people who peruse their service extensively. A lot of journalists and activists use WikiLeaks actively, and they must surely be astonished by this discovery.
If you’re one of those people, now might be a good time to check out some VPNs.