Chinese tax software hides nasty spyware
GoldenHelper spyware utilized sophisticated techniques to hide its delivery, presence, and activity
The cybersecurity firm Trustwave has released a new report detailing its discovery of a new type of malware hidden inside Chinese tax software.
Back in June, the firm’s SpiderLabs reported on malware inside Chinese tax software it dubbed GoldenSpy, which installed a backdoor that gave attackers complete access to a company’s network. However, Trustwave’s new report highlights a new piece of spyware it uncovered in a different tax software used to pay VAT by businesses operating in China.
While this new malware the company is calling GoldenHelper is also delivered via tax software, it is “entirely different from GoldenSpy” according to the report.
GoldenHelper spyware
The GoldenHelper malware campaign was active in 2018 and during most of 2019 before it was abruptly shut down in July of last year. The malware itself was hidden in China’s Golden Tax invoicing software which is used by businesses to account for and pay VAT taxes.
After releasing its report, though, Trustwave found that a program had been inserted into the tax software to erase all traces of the malware. While the company is not saying who is behind GoldenHelper at this time, it believes the spyware was part of a nation-state campaign.
Organizations operating in China must use the country’s tax software to continue doing business there, but Brian Hussey, VP of Cyber Threat Detection & Response at Trustwave, explained the best way to do so in a blog post, saying:
“It is important to remember that as a security community protecting critical data and infrastructure, we must remain vigilant and weigh all options and risks individually. Trustwave SpiderLabs understands that the VAT tax invoice software is a government requirement and recommends that any system hosting third-party applications with a potential for adding a gateway into your environment, be isolated and heavily monitored with strict processes and procedures in their usage.”
Via NBC
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.