The documents, released overnight, come from the CIA's Imperial project and comprise three tools.
Achilles gives an attacker the means to trojan an OS X disk image with one or more executables that can be triggered to launch once. It dates back to 2011.
Also detailed was an OS X rootkit known as SeaPea that runs on OS X 10.6 and 10.7 and hides files, directories, socket connections and processes.
Aeris supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication.
It is compatible with the NOD Cryptographic Specification and provides structured command and control similar to that used by several Windows implants.
The Vault 7 documents have been dumped nearly every week since 7 March.