Tax software required by China to conduct business with Chinese businesses has been installing malware on enterprise systems, according to cybersecurity researchers at Trustwave.
The team at Trustwave, a threat detection and response firm, has been monitoring the malware campaign which they originally found on the systems of one of its clients in Australia.
“They informed us that upon opening operations in China, their local Chinese bank required that they install a software package called Intelligent Tax produced by the Golden Tax Department of Aisino Corporation, for paying local taxes,” researcher Brian Hussey said.
“As we continued our investigation into the tax software, we found that it worked as advertised.
“But it also installed a hidden backdoor on the system that enabled a remote adversary to execute Windows commands or to upload and execute any binary.”
Wiping the Evidence
Shortly after Trustware published it’s report about GoldenSpy last month, researchers spotted the Anisino software downloading a new package that silenty wipees GoldenSpy from systems.
The uninstaller had been designed to remove all registry entries, files, and directories created by the GoldenSpy malware before deleting itself.