Chinese tax software hides nasty spyware
The cybersecurity firm Trustwave has released a new report detailing its discovery of a new type of malware hidden inside Chinese tax software.
Back in June, the firm’s SpiderLabs reported on malware inside Chinese tax software, which it dubbed GoldenSpy, that installed a backdoor giving attackers complete access to a company’s network. However, Trustwave’s new report highlights a new piece of spyware it uncovered in different tax software used by businesses operating in China to pay VAT.
While this new malware, which the company is calling GoldenHelper, is also delivered via tax software, it is “entirely different from GoldenSpy,” according to the report.
The GoldenHelper malware campaign was active in 2018 and during most of 2019 before it was abruptly shut down in July of last year. The malware itself was hidden in China’s Golden Tax invoicing software, which businesses use to account for and pay VAT.
After releasing its report, though, Trustwave found that a program had been inserted into the tax software to erase all traces of the malware. While the company is not saying who is behind GoldenHelper at this time, it believes the spyware was part of a nation-state campaign.
Organizations operating in China must use the country’s tax software to continue doing business there, but Brian Hussey, VP of Cyber Threat Detection & Response at Trustwave, explained the best way to do so in a blog post, saying:
“It is important to remember that as a security community protecting critical data and infrastructure, we must remain vigilant and weigh all options and risks individually. Trustwave SpiderLabs understands that the VAT tax invoice software is a government requirement and recommends that any system hosting third-party applications with a potential for adding a gateway into your environment, be isolated and heavily monitored with strict processes and procedures in their usage.”