AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Malware » GoldenSpy Malware Found in Bank Payment Software

GoldenSpy Malware Found in Bank Payment Software

2020-06-29 by Max

GoldenSpy Malware

Well Hidden Malware Threat Targets Corporations Operating in China

A new malware, named GoldenSpy, was found embedded in tax payment software. The software installation is a requirement of a Chinese bank to do business in Mainland China. The malware, which allows a threat actor to execute Windows commands or upload and execute any binary, was discovered by cyber security researchers at Trustwave SpiderLabs. It is well-hidden on infected systems and difficult to detect.

The malware was installed when business customers downloaded and installed a bank-required payment application called Intelligent Tax. The software is produced by the Golden Tax Department of Aisino Corporation, and business customers were required by a local Chinese bank to download and use it. Although the software does function as intended, Trustwave found that it also installs a backdoor on customers’ systems.

“Basically, it was a wide-open door into the network with SYSTEM level privileges and connected to a command and control server completely separate from the tax software’s network infrastructure,” says the report by Trustwave.

The Chinese government has a well-established history of surveilling its citizens. The People's Republic of China (PRC) has a particular interest in the data held on cell phones and other devices. In particular, travelers entering the country through a border checkpoint may be required to install monitoring software on their phones; those who refuse are not allowed entry.

Furthermore, China’s laws allow the PRC to search the networks, software, and hardware of any company operating a computer or similar device within the country. The PRC may also require that encryption keys be handed over, or, preferably from its point of view, that the company use encryption already approved by the PRC, which means the PRC already holds the decryption keys. Finally, Chinese law makes it illegal to access the internet without going through the state's filtering and monitoring system, commonly known as the Great Firewall of China and formally called Project Golden Shield by the PRC. Any data that is transmitted, stored, or otherwise processed in China should be considered subject to monitoring by the PRC.

The researchers observed that GoldenSpy installs two identical copies of itself. The installation begins two hours after the Intelligent Tax installer finishes, and it runs silently in the background with no notification to the system administrator. Once installation completes, the malware has granted itself SYSTEM-level privileges and connected to a command and control server. Both copies launch at startup; if either one is shut down, the other restarts it, and if one copy is deleted, the other reinstalls a fresh copy.

It remains unclear what the objective of the malware is. It could be financial theft, corporate espionage, data exfiltration, or lateral movement across networks.

In mid-2016, Aisino Corporation announced a new ‘big data’ partnership with a company named Chenkuo Network Technology. Chenkuo is the company that digitally signs GoldenSpy, and GoldenSpy was first spotted in the wild at about the same time.

“The scope of this campaign is not currently known. For our client, GoldenSpy was secretly embedded within the Aisino Intelligent tax software, but we cannot determine if this was targeted because of their access to vital data, or if this campaign impacts every company doing business in China. We have identified similar activity at a global financial institution, but do not yet have further telemetry into this campaign,” explained Trustwave VP of cyber-threat detection and response, Brian Hussey.

The Intelligent Tax software’s uninstall feature does not uninstall GoldenSpy.
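The two persistence traits described above (two byte-identical copies at different locations that restart each other, and autorun entries that outlive the product's own uninstaller) can be triaged from autorun snapshots. The following is an added illustration, not code from Trustwave or from this article; the inventory, paths and file contents are constructed for the example, and the snapshot format is a hypothetical simplification of an autoruns or scheduled-task export.

```python
"""Triage heuristics for the GoldenSpy-style persistence pattern.
All data below is constructed for illustration; paths are hypothetical."""
import hashlib
from collections import defaultdict

# Constructed autorun snapshots: (entry name, binary path, binary contents).
# BASELINE is taken before the tax software is installed, POST_INSTALL after
# its installer (plus the two-hour delayed stage) has run, and POST_UNINSTALL
# after the product's own uninstaller has been used.
BASELINE = [
    ("OneDrive", r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe", b"onedrive"),
]
POST_INSTALL = BASELINE + [
    ("IntelligentTaxUpdater", r"C:\Program Files\IntelligentTax\update.exe", b"legit updater"),
    ("svc_helper_a", r"C:\ProgramData\svchelper\helper.exe", b"WATCHDOG-PAYLOAD"),
    ("svc_helper_b", r"C:\Windows\Temp\svc\helper.exe", b"WATCHDOG-PAYLOAD"),
]
POST_UNINSTALL = BASELINE + [
    ("svc_helper_a", r"C:\ProgramData\svchelper\helper.exe", b"WATCHDOG-PAYLOAD"),
    ("svc_helper_b", r"C:\Windows\Temp\svc\helper.exe", b"WATCHDOG-PAYLOAD"),
]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_twin_autoruns(autoruns):
    """Groups of autorun entries whose binaries are byte-identical but live at
    distinct paths: the 'two identical copies' watchdog pattern."""
    by_hash = defaultdict(list)
    for name, path, content in autoruns:
        by_hash[sha256(content)].append((name, path))
    return sorted(
        (digest, sorted(entries))
        for digest, entries in by_hash.items()
        if len({p for _, p in entries}) >= 2
    )


def leftovers_after_uninstall(baseline, post_install, post_uninstall):
    """Autorun entries that the installation added (absent from the baseline)
    and that the product's uninstaller left in place."""
    base_paths = {p for _, p, _ in baseline}
    added = {(n, p) for n, p, _ in post_install if p not in base_paths}
    remaining = {(n, p) for n, p, _ in post_uninstall}
    return sorted(added & remaining)


if __name__ == "__main__":
    print("twin autoruns:", find_twin_autoruns(POST_INSTALL))
    print("left behind by uninstall:", leftovers_after_uninstall(BASELINE, POST_INSTALL, POST_UNINSTALL))
```

Either finding alone is only a lead (legitimate software occasionally ships duplicate helpers), but an entry that is both a twin and an uninstall leftover matches the behaviour this article describes and warrants a closer look.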

Filed Under: Malware

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.
