The SpiderLabs team recently announced the discovery of GoldenSpy, a new kind of malware that was embedded in tax payment software that a prominent Chinese bank was requiring organizations to install. Discovered through a proactive threat hunt, this malware installed a hidden backdoor into the organization’s network.
In this video interview, Brian Hussey, Vice President of Cyber Threat Detection and Response for SpiderLabs, talks more about this emerging threat and offers recommendations for how organizations can best protect themselves.
“If you’re doing business in China – or really anywhere in the world – be wary if someone asks you to install something,” Brian said. “Always stay vigilant and always stay aware.”
UPDATE (June 30, 2020): Trustwave SpiderLabs has identified a new file being downloaded by the Aisino Intelligent Tax product. But this time it has nothing to do with remote command and control of the victim. Rather, this new sample’s sole mission is to delete GoldenSpy and remove any trace it existed.
The Golden Tax Department and the Emergence of GoldenSpy Malware
Trustwave SpiderLabs threat hunting experts investigate a malware campaign targeting corporations operating in China. This report identifies a new threat and provides specific hunting, investigative, and remediation methodologies that can be used to help ensure your environment is clean.