The US FBI has sent warning reports to US companies with operations in China about backdoor malware being installed on their networks through tax software. The malware in question is said to be GoldenHelper, which could let attackers execute code remotely and steal data.
Spreading Malware Through Tax Software
US companies with branches in China were warned in a flash alert from the FBI today that their networks could potentially be infected with backdoor malware. This was revealed after two incidents in which US companies were reported to have found malware in their systems after installing the tax software prescribed by the local authorities.
As per a US pharmaceutical company report from July 2018, the Baiwang Tax Control Invoicing software that an employee downloaded from its original website was found to contain backdoor malware.
Employees noticed this in April 2019: the maker, Baiwang, had sent a software update a month before the discovery, and a driver was found to be installed automatically. Trustwave, a security firm, identified the backdoor malware as GoldenHelper.
In a second incident, reported in June this year, a private cybersecurity firm reported finding a backdoor in tax software from Aisino Corporation, which was required by a Chinese bank under its VAT system. Trustwave later identified the backdoor malware as GoldenSpy, which is an upgraded iteration of GoldenHelper.
Making this worse, the Chinese government has authorized VAT software from only these two makers. Thus, there’s no chance for foreign companies to evade the backdoor infection. The two companies, Baiwang and Aisino, are overseen by the National Information Security Engineering Center, which has close links to the Chinese government.