{{Short description|Malware program}} {{DISPLAYTITLE:''X-Agent''}} {{infobox computer virus | common_name = | classification = | type = Spyware | subtype = | isolation_date = | origin = | author = [[Fancy Bear]]<ref name="CrowdStrike">{{cite news|url=https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/|title=Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units|newspaper=Crowdstrike.com |date=22 December 2016|publisher=CrowdStrike|quote=CrowdStrike associates the use of X-Agent with an actor we call FANCY BEAR. This actor to date is the exclusive operator of the malware}}</ref> | ports_used = | platform = Windows, Linux, [[iOS]], [[Android (operating system)|Android]] | file_size = | language = }}

'''X-Agent''' or '''XAgent''' is a spyware and [[malware|malware program]] designed to collect and transmit hacked files from machines running Windows, Linux, iOS, or Android, to servers operated by hackers. It employs [[phishing]] attacks and the program is designed to "hop" from device to device.<ref>{{cite web | url =http://www.pcworld.com/article/2880152/new-spyware-targets-ios-devices-steals-pictures-and-data.html | title =New iOS spyware steals pictures, data, and more even from non-jailbroken iPhones | last =Williams | first =Martyn | date =4 February 2015 | website =PC World | access-date =22 July 2016}}</ref><ref> {{cite web | url =https://www.zdnet.com/article/ios-spyware-steals-texts-photos-contacts-switches-on-voice-recorder/ | title =iOS spyware steals texts, photos, contacts, switches on voice recorder | last =Ranger | first =Steve | date =6 February 2015 | website =ZD Net | access-date =22 July 2016}}</ref><ref> {{cite web | url =http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/ | title =Pawn Storm Update: iOS Espionage App Found | date =4 February 2015 | website =Trend Micro }}</ref> In 2016, [[CrowdStrike]] identified an [[Android (operating system)|Android]] variant of the malware for the first time, and claimed that the malware targeted members of the Ukrainian military by distributing an infected version of an app to control [[122 mm howitzer 2A18 (D-30)|D-30 Howitzer]] artillery.<ref name="CrowdStrike"/> The [[Ukrainian army]] denied CrowdStrike's report and stated that losses of Howitzer artillery pieces had "nothing to do with the stated cause".<ref>{{cite news |url=http://en.interfax.com.ua/news/general/395186.html |title=Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software |agency=[[Interfax-Ukraine]] |date=January 6, 2017}}</ref>

Slovak computer security company [[ESET]] obtained the X-Agent source code in 2015 and described its inner workings in a report released in October 2016.<ref>{{Cite web|url=https://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf|title=En Route with Sednit|last=ESET|date=October 2016|website=www.welivesecurity.com|access-date=December 21, 2017}}</ref>

A US [[grand jury]] indictment charges that agents of the Russian GRU in Moscow "developed, customized and monitored X-Agent malware used to hack the DCCC [Democratic Congressional Campaign Committee] and DNC [Democratic National Committee] networks beginning in or around April 2016".<ref>{{cite wikisource|title=U.S. v. Viktor Borisovich Netyksho, et al|last=Mueller|first=Robert|authorlink=Robert Mueller|date=2018|pages=4-5|wspages=4|scan=Page:Netyksho_et_al_indictment.pdf/4}}</ref>

==References== {{reflist}}

{{Hacking in the 2010s}} [[Category:Computer viruses]] [[Category:Spyware]] [[Category:IOS software]] [[Category:Android (operating system)]] [[Category:2010s in hacking]] [[Category:2016 in computing]]

{{malware-stub}}