
BothanSpy Vulnerability
[Patch released on July 17, 2017]

Posted Jul 10, 2017

Update: [July 17, 2017] NetSarang has released an update for Xshell which enhances the encryption of your session information. You should be prompted for an update automatically. If not, go to Help -> Check for Updates to update manually.

On July 7th, 2017, WikiLeaks released documentation of the CIA projects BothanSpy and Gyrfalcon. The BothanSpy script targeted specific versions and builds of our Windows SSH client program, Xshell, in order to facilitate the theft of information from our users who had an active SSH session open in Xshell. Gyrfalcon targeted OpenSSH client users on Linux.

What's clear is that Xshell was not used to initially gain access to the users' computers, but instead BothanSpy was initiated on computers which were already accessible by the CIA and happened to be running Xshell.

BothanSpy was able to steal user credentials. The authentication keys themselves were not extractable.

More information regarding these projects can be found directly on WikiLeaks here: https://wikileaks.org/vault7/#BothanSpy

Our highest priority is the security of our users, and our team is working on a patch to fix this issue, which will be released as soon as possible. Once it is released, we highly recommend that you install the update as soon as possible. Users with Live Update enabled should be automatically prompted for an update. Others can go to the Help menu to check for updates manually.