Malware Found in Widely-Used Chinese Tax Software

Tax software widely used by large corporations in China has been found to have malicious software (malware) installed that can potentially cause damage to the system.

In the case of a variant, it can even attempt to take out massive sums of money.

Trustwave SpiderLabs, a threat detection and response company, uncovered and named this malware ‘GoldenHelper’ after they discovered the potential for access through hidden ‘backdoors’ in the software. These backdoors allow other groups to gain access to the system and install malicious software on it.

A report released by Trustwave last month provoked a quick retraction of the malware named GoldenSpy: new software was downloaded that deleted the malware entirely. This raised questions about the involvement of Aisino, the company that was originally thought to be threatened by the malware.

The discovery of GoldenHelper, although it is different from GoldenSpy, puts more questions to Aisino, and concerns are being raised that the company is attempting to ‘cover its tracks’.

These malware programs have both been linked to Aisino and their software that is involved with the Chinese tax system. While the users behind the malware remain hidden and their intentions unclear, it is prudent to note the possibility of these attacks and their potential ramifications.

GoldenHelper, the newly uncovered malware within the Chinese tax system, employs a few tricks that allow malware to go undetected within programs. To keep its presence and activity hidden within the software, it uses techniques such as:

  • Generating file names, locations and timestamps at random
  • UAC bypass
  • Privilege escalation
  • IP-based DGA (domain generation algorithm)

The devious nature of the malware that has been discovered by Trustwave has raised questions about the intentions of Aisino and the security of the software used by companies in China to determine VAT. 

The recommendation for businesses using outside software and third party programs is to remain highly diligent in their security and processes. 

Cyber security is an important aspect of business, and one that can cause significant issues if not monitored closely.
