Chinese tax software hides nasty spyware
GoldenHelper spyware utilized sophisticated techniques to hide its delivery, presence, and activity
The cybersecurity firm Trustwave has released a new report detailing its discovery of a new type of malware hidden inside Chinese tax software.
Back in June, the firm's SpiderLabs team reported on malware inside Chinese tax software, dubbed GoldenSpy, which installed a backdoor that gave attackers complete access to a company's network. However, Trustwave's new report highlights a new piece of spyware it uncovered in a different tax software package used by businesses operating in China to pay VAT.
While this new malware, which the company is calling GoldenHelper, is also delivered via tax software, it is “entirely different from GoldenSpy” according to the report.
GoldenHelper spyware
The GoldenHelper malware campaign was active in 2018 and during most of 2019 before it was abruptly shut down in July of last year. The malware itself was hidden in China's Golden Tax invoicing software, which is used by businesses to account for and pay VAT.
After releasing its report, though, Trustwave found that a program had been inserted into the tax software to erase all traces of the malware. While the company is not saying who is behind GoldenHelper at this time, it believes the spyware was part of a nation-state campaign.
Organizations operating in China must use the country's tax software to continue doing business there, but Brian Hussey, VP of Cyber Threat Detection & Response at Trustwave, explained the best way to do so in a blog post, saying:
“It is important to remember that as a security community protecting critical data and infrastructure, we must remain vigilant and weigh all options and risks individually. Trustwave SpiderLabs understands that the VAT tax invoice software is a government requirement and recommends that any system hosting third-party applications with a potential for adding a gateway into your environment, be isolated and heavily monitored with strict processes and procedures in their usage.”
Via NBC
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.