Developers: Aisino

Branches: Financial services, investments and audit
2020: Distribution of software with spyware implants
At the beginning of July 2020, it became known that a Chinese bank, whose name has not been disclosed, had required companies to install official tax software containing spyware implants.
Specialists at Trustwave found that this bank had required at least two Western companies to install software containing the GoldenSpy backdoor. One of the bank's affected clients, which had recently opened an office in China, contacted Trustwave. It reported that the bank had forced the company to install the Intelligent Tax software, developed by Aisino specifically for paying local taxes.
The software did perform its stated function, but it also installed the hidden GoldenSpy backdoor on the customer organization's systems. Trustwave specialists detected it through suspicious network requests originating from the client's network. GoldenSpy runs with SYSTEM-level privileges, which allows attackers to connect to the infected system and to download and install other software. After these tasks are completed, Aisino Intelligent Tax launches the downloaded uninstaller, which deletes all GoldenSpy files and folders as well as the entries it had added to the Windows registry.
Although many programs use remote access features for software debugging, Trustwave experts are convinced that in this case the situation is far more sinister. The backdoor registers two identical copies of itself for automatic startup, and if one copy stops working, its twin immediately restores it. The malware also closely monitors the state of its copies and downloads a new copy when needed. It is also worth noting that the initial download of GoldenSpy takes place only two hours after the main software is installed, without any accompanying notification.
Cybersecurity experts urge all companies that operate in China and use Intelligent Tax to take the necessary measures to protect their systems against potential malware.[1]
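
The persistence pattern described above (two identical copies registered for autostart, first appearing about two hours after the main software is installed) can be hunted for in an exported autostart inventory. The following is an added example, not code from Trustwave or from the original article; the record layout, entry names, hashes, product names and the 30-minute tolerance are constructed assumptions, not real indicators.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory (not real indicators): autostart entries as
# (name, image path, SHA-256 of the binary, creation time).
AUTOSTART = [
    ("ExampleSvcA", r"C:\ExampleDir\agent_a.exe", "aa11" * 16, datetime(2020, 7, 1, 12, 0)),
    ("ExampleSvcB", r"C:\ExampleDir\agent_b.exe", "aa11" * 16, datetime(2020, 7, 1, 12, 0)),
    ("PrintHelper", r"C:\Print\helper.exe", "bb22" * 16, datetime(2020, 6, 1, 9, 0)),
]
# Constructed sample of installed software: (product, install time).
INSTALLS = [
    ("Example Tax Suite", datetime(2020, 7, 1, 10, 0)),
    ("Office Viewer", datetime(2020, 5, 20, 8, 30)),
]

def find_twin_autostarts(autostart):
    """Group autostart entries whose binaries are byte-identical (same hash)
    but are registered under different names or paths."""
    by_hash = defaultdict(list)
    for name, path, sha256, created in autostart:
        by_hash[sha256].append((name, path, created))
    return {h: e for h, e in by_hash.items()
            if len({(n, p.lower()) for n, p, _ in e}) > 1}

def correlate_delayed_drop(twins, installs, delay=timedelta(hours=2),
                           tolerance=timedelta(minutes=30)):
    """For each twin group, list products installed roughly `delay` before
    the earliest twin appeared (the silent, delayed download described above)."""
    findings = []
    for sha256, entries in sorted(twins.items()):
        first_seen = min(created for _, _, created in entries)
        suspects = [product for product, installed in installs
                    if abs((first_seen - installed) - delay) <= tolerance]
        findings.append({
            "sha256": sha256,
            "entries": sorted(name for name, _, _ in entries),
            "first_seen": first_seen,
            "possible_parent_installs": suspects,
        })
    return findings

if __name__ == "__main__":
    for f in correlate_delayed_drop(find_twin_autostarts(AUTOSTART), INSTALLS):
        print(f)
```

A twin group with no matching install is still worth reviewing; the time correlation only helps point to the software that may have delivered it.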