Kaspersky Labs today said it obtained spying code used by the National Security Agency after it was scrapped when an NSA contractor installed malware on his computer.

According to details published Monday by Kaspersky, an internal investigation found one instance in 2014 where its detection subsystem caught what appeared to be Equation malware source code files, the top-security software used by the NSA to spy on users. Kaspersky’s antivirus software had been configured to send new malware samples automatically back to the company for analysis, explaining why it had ended up with a copy.

Then it just gets weird. The NSA contractor who shared the code with Kaspersky is said to have downloaded malware-laden piracy software in the form of a Microsoft Office key generator, and temporarily disabled the Kaspersky installation on his computer that would have prevented the software being installed. The malware,  Backdoor.Win32.Mokes.hvl, remained on the computer for a period of time afterward.

Once the contractor reactivated his antivirus protection, the software subsequently searched his machine, detected the malware and secret NSA code, then uploaded it to Kaspersky for further study. “Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware,” explained the company. “After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO.”

Once made aware that they had obtained NSA code, founder Eugene Kaspersky (pictured) ordered that all records of the code be deleted and did not share the details with third parties — most importantly, given the accusations at hand, with the Russian government.

Kaspersky argued that given how the company accidentally obtained the NSA code, anyone could have installed a backdoor on a computer hosting the code to obtain access to it. Kaspersky also claimed that given it had deleted the data, it could not have been stolen from it at a later date — in particular, during the alleged hacking of the company in 2015.

Concerns about Kaspersky’s links to the Russian government first emerged earlier this year, leading to a Federal Bureau of Investigation probe and bans on federal employees using the software by both the  Trump White House and the Department of Homeland Security.

Photo: Kai Mork/Wikimedia Commons