PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Tax Software App Required for Companies Doing Business in China Is Sophisticated Spyware

By Tim Sloane
July 15, 2020
in Analysts Coverage, Fraud & Security, Fraud Risk and Analytics, Security
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tax Software App Required for Companies Doing Business in China Is Sophisticated Spyware

Tax Software App Required for Companies Doing Business in China Is Sophisticated Spyware

Just two days ago I asked if there was proof that TikTok was stealing data. Well, this isn’t proof but it surely indicts the Chinese government! NBC News reports that Trustwave has discovered tax software mandated by the Chinese government is actually sophisticated spyware. The following excerpt is from the Trustwave Report Highlights:

“Trustwave SpiderLabs has identified a new threat targeting corporations conducting business in China. The victim company is required to install software that will enable payment of local taxes. However, a backdoor is hidden within the software package that provides full remote command and control of the victim system, enabling arbitrary remote execution of code, and a remote shell.

• Through the course of this investigation, we discovered several variations of this backdoor. The first version has a compilation timestamp in 2016 but it does not appear to have been analyzed or categorized prior to 2020. As a service to the security community, we are providing full malware analysis as part of this report and we have named this malware family “GoldenSpy”.

• The hidden GoldenSpy backdoor (svm.exe) is covertly downloaded two hours after the Aisino Intelligent tax software installation is completed. It calls out to a Chinese domain with a reputation of distributing variations of GoldenSpy. Svm.exe exfiltrates basic system information and continuously beacons to a remote server for “updates.” This “update” functionality enables remote execution of arbitrary code and provides remote command execution capability.

• Trustwave SpiderLabs believes that this threat became active in April of 2020, when the ningzhidata[.]com domain first delivered the current version of GoldenSpy. The domain was registered on 22 September 2019.

• Trustwave SpiderLabs was engaged for a threat hunt shortly after our client was compromised, enabling us to disrupt the potential attack early in the kill chain. For this reason, we were not able to gather sufficient TTP’s to confidently attribute GoldenSpy to a specific threat actor group. Therefore, we will refrain from claiming attribution in this report.

• The full scope of this threat is currently unknown, but our client reported that installation of this software was required by their Chinese bank as a prerequisite to paying local Chinese taxes. We believe that all corporations with Chinese operations should investigate for presence of GoldenSpy and remediate if necessary”

Those interested in viewing the report can access it here.

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: ChinaSecuritySpywareTikTokTrustwave

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    prepaid payroll

    Taking the Check Out of Paycheck: The Role of Prepaid in Payroll

    June 16, 2025
    Banking-as-a-service BaaS

    Remodeling Main Street: How Community Banks Can Leverage the Banking-as-a-Service Paradigm

    June 12, 2025
    How Employee Performance Enhances the Customer Experience

    Three Strategies to Maximize Loyalty in the AI-Driven World 

    June 11, 2025
    PFM tools

    How FIs Are Cutting Through Subscription Clutter with PFM Tools

    June 10, 2025
    child identity theft

    Stranger Danger: Protecting Your Children from Identity Theft

    June 9, 2025
    agentic commerce

    The Agentic Advent: How the Next Iteration of AI is Shaping Commerce

    June 6, 2025
    payments hub, digital banking

    All in One: How a Payments Hub Eliminates the Pain Points

    June 5, 2025
    Vertical SaaS

    From Underdogs to Industry Leaders: How Vertical SaaS Powers Mid-Sized Firms

    June 4, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result