Wikileaks claims that DarkSeaSkies is a CIA implant embedded in Apple MacBook Air EFI firmware, utilizing DarkMatter, SeaPea, and NightSkies tools. DarkMatter provides EFI persistence and installs the other 2 tools. SeaPea runs in Mac OS kernel space for stealth, while NightSkies operates in user-space, establishing remote command, control, and monitoring capabilities. This exploit is part of a series of malware that targets Apple devices that WikiLeaks claims the CIA’s Embedded Development Branch (EDB) is responsible for creating.
