Tuesday, January 26, 01:57

A Chinese bank has promoted infected software to companies


A bank in China has forced at least two Western companies to install infected tax software on their systems.

The companies are a technology/software company based in the United Kingdom and a financial institution. Both had recently opened new offices in China.

Trustwave, which communicated with the two companies, found that the bank demanded that both of them install the infected software. The software, called Intelligent Tax, is used for local tax payments.

GoldenSpy Backdoor

Trustwave, which provides cybersecurity services to the software company, said it spotted the malware after noticing suspicious network requests coming from its customer's network.

When researchers checked the Intelligent Tax software, they found that while it does work for paying local taxes, it also contains a hidden backdoor.

This backdoor, which the security company named GoldenSpy, allows system-level access, so a remote intruder can connect to the infected system and execute Windows commands or upload and install other software.

Trustwave said it has identified several features that are often found in malicious programs and have no legitimate use anywhere else:

  • GoldenSpy installs two identical versions of itself as persistent startup services. If one stops working, the other takes over. In addition, it uses an exeprotector module that monitors whether one of the versions is deleted. If that happens, it downloads and runs a new version. This makes it very difficult to remove from a system.
  • Even if someone uninstalls the Intelligent Tax software, GoldenSpy continues to function as a backdoor.
  • GoldenSpy is not installed on the victim's device immediately. Instead, at least two hours must pass after Intelligent Tax is installed, and then the malware is downloaded without any notification, so it goes unnoticed.
  • GoldenSpy does not communicate with the tax software's network infrastructure (i-xinnuo[.]com) but contacts ningzhidata[.]com, a domain known to host other malware variants. After the first three attempts to communicate with the C&C server, it randomizes its beacon times, a method used to avoid detection by security technologies.
  • GoldenSpy runs with system-level privileges, making it very dangerous and able to run any software on the system.
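
The network behaviour in the list above can be hunted for in DNS or proxy logs. The following is an added example, not code from Trustwave or from the original article: it flags hosts that contact the domain named above, reports how long after the first contact with the tax software's own domain that happened, and measures how irregular the beacon intervals become after the third attempt. The log format, host names and timings are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

VENDOR_DOMAIN = "i-xinnuo.com"     # tax software infrastructure named in the article
BEACON_DOMAIN = "ningzhidata.com"  # domain the article says GoldenSpy contacts

# Constructed sample DNS log (assumed format: "<ISO time> <client host> <queried name>").
SAMPLE_LOG = """\
2020-06-01T09:00:00 ws-fin-01 update.i-xinnuo.com
2020-06-01T09:01:00 ws-dev-07 www.i-xinnuo.com
2020-06-01T09:30:00 ws-dev-07 notningzhidata.com
2020-06-01T11:05:00 ws-fin-01 www.ningzhidata.com
2020-06-01T11:15:00 ws-fin-01 www.ningzhidata.com
2020-06-01T11:25:00 ws-fin-01 www.ningzhidata.com
2020-06-01T11:52:00 ws-fin-01 www.ningzhidata.com
2020-06-01T12:03:00 ws-fin-01 www.ningzhidata.com
2020-06-01T14:00:00 ws-old-03 NINGZHIDATA.COM.
truncated
"""

def matches(name, domain):
    """True for the domain itself or any subdomain, never for look-alike suffixes."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def find_goldenspy_hosts(log_text):
    vendor_first, beacons = {}, defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, host, name = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (ValueError, IndexError):
            continue  # skip malformed lines
        if matches(name, VENDOR_DOMAIN):
            vendor_first[host] = min(ts, vendor_first.get(host, ts))
        elif matches(name, BEACON_DOMAIN):
            beacons[host].append(ts)
    report = {}
    for host, times in beacons.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        later = gaps[2:]  # intervals that follow the third attempt
        first_seen = vendor_first.get(host)  # proxy for install time (assumption)
        report[host] = {
            "beacon_count": len(times),
            "hours_after_vendor": (times[0] - first_seen).total_seconds() / 3600 if first_seen else None,
            "jitter_s": pstdev(later) if len(later) > 1 else 0.0,
        }
    return report
```

A host that contacts the beacon domain with no vendor contact in the log window is still reported, since the backdoor keeps running after Intelligent Tax is uninstalled.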

Where did it come from?

Although Trustwave managed to locate the backdoor in the Aisino Intelligent Tax Software, it could not find out who placed it there in the first place.

It could have come either from a government hacker who secretly planted it in the software, or from a rogue bank employee.

Whoever is responsible for this backdoor, it is very important that other companies working with banks in China be very careful, as there is a chance that they will be asked to install the software in question.



Absent Mia


