Tags: China | Cybersecurity | spyware | malware

Spyware Found in Chinese Tax Software Likely Government Planted

a graphic with a green background of numbers shows the word spyware under a magnifying glass
(Dreamstime)

By    |   Thursday, 25 June 2020 11:05 AM

A multinational technology company conducting business in China found a hidden piece of malware inside a tax software it was instructed to install in order pay local taxes, NBC News reports.

The secret malware gave hackers total access to the company’s network, according to a private security firm who found it.

The company hacked was not named, but the firm that found it, Trustwave, published a report Thursday warning other companies how to search to see if they are victims of the unwanted malware.

Trustwave named the malware “GoldenSpy.” The security firm said it was extremely sophisticated.

"The GoldenSpy campaign…has the characteristics of a coordinated Advanced Persistent Threat (APT) campaign targeting foreign companies operating in China," the Trustwave report states. "At this point, we are unable to determine how widespread this software is. We currently know of one targeted technology/software vendor and a highly similar incident occurring at a major financial institution, but this could be leveraged against countless companies operating and paying taxes in China or may be targeted at only a select few organizations with access to vital information."

Trustwave said its client was instructed by its Chinese bank to install the software, which was legitimate, in order to pay local taxes. The malware was embedded inside.

Brian Hussey, a former FBI cyber specialist and Trustwave's vice president for threat detection and response, said companies need to be hyper aware when conducting business in China.

"If you do operations in China and if somebody asks you to install something, we're urging additional vigilance," Hussey told NBC News. "We're urging everybody to check to see if they are impacted."

Trustwave said it identified the unwanted malware quickly, so it is not clear whether it was implanted by the Chinese government or a criminal group.

Hussey suggests the government planted GoldenSpy because of the malware’s sophistication and lack of any funds being stolen.

"We don't know how widespread it is," Hussey said. "Was our client targeted because they have important information? Or is everybody targeted?"

The company knew something was off after it noticed some suspicious "beaconing" from its network, Hussey said.

Trustwave said the spyware kicked into action just two hours after the tax software was installed. GoldenSpy created a "backdoor" that allowed cyber attackers to install other types of malware on the network.

Hussey said the malware installed itself in two different places on the network, just in case one was deleted. It also had a function that would download and install the program again if both copies were deleted.

© 2020 Newsmax. All rights reserved.


   
1Like our page
2Share
Newsfront
A multinational technology company conducting business in China found a hidden piece of malware inside a tax software it was instructed to install in order pay local taxes, NBC News reports.
spyware, malware
422
2020-05-25
Thursday, 25 June 2020 11:05 AM
Newsmax Media, Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved