Chinese bank requires foreign firm to install app with covert backdoor
A multinational tech company gets schooled in the risks of doing business in China. …
A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor.
The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.
Researchers from Trustwave, the security firm that made the discovery, have dubbed the backdoor GoldenSpy. Running with system-level privileges on the Windows computer, it connected to a control server located at ningzhidata[.]com, a domain Trustwave researchers said is known to host other variations of the malware. The backdoor included a variety of advanced features designed to gain deep, covert, and persistent access to infected computers.
According to Thursday’s post, those features include:
- GoldenSpy installs two identical versions of itself, both as persistent autostart services. If either stops running, it will respawn its counterpart. Furthermore, it utilizes an exe protector module that monitors for the deletion of either iteration of itself. If deleted, it will download and execute a new version. Effectively, this triple-layer protection makes it exceedingly difficult to remove this file from an infected system.
- The Intelligent Tax software’s uninstall feature will not uninstall GoldenSpy. It leaves GoldenSpy running as an open backdoor into the environment, even after
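The two persistence traits above (paired autostart services backed by the same binary, and a control domain the host resolves) are things a defender can hunt for directly. The following PowerShell script is an added example written for this page; it is not code from the article or from Trustwave's report. It assumes a Windows host with the standard `CimCmdlets` and `DnsClient` modules, and it carries a constructed sample service table (not real services) so the duplicate-binary check can be exercised offline before running it against the live service list.

```powershell
# Added example (not from the article or Trustwave): hunt for GoldenSpy-style persistence.
# Heuristic 1: two or more auto-start services whose executables hash identically.
# Heuristic 2: the control domain named in the article present in the DNS client cache.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Service command lines look like  "C:\dir\svc.exe" -arg   or   C:\dir\svc.exe -arg
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

function Find-DuplicateAutostartServices {
    param(
        # Defaults to the live auto-start service table; pass constructed objects to test offline.
        [object[]]$Services = @(Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' }),
        # Maps a binary path to a hash; overridable so the function can run without touching disk.
        [scriptblock]$Hasher = { param($p) (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash },
        # Shared service hosts legitimately back many services; skip them to cut noise.
        [string[]]$SharedHosts = @('svchost.exe', 'dllhost.exe')
    )
    $records = foreach ($svc in $Services) {
        $bin = Get-ServiceBinaryPath $svc.PathName
        if (-not $bin) { continue }
        if ($SharedHosts -contains (Split-Path -Leaf $bin)) { continue }
        try { $hash = & $Hasher $bin } catch { continue }   # missing or unreadable binary: skip
        [pscustomobject]@{ Service = $svc.Name; Path = $bin; Hash = $hash }
    }
    # Distinct service names sharing one binary hash is the pattern the article describes.
    $records |
        Group-Object Hash |
        Where-Object { @($_.Group.Service | Select-Object -Unique).Count -ge 2 } |
        ForEach-Object {
            [pscustomobject]@{
                Hash     = $_.Name
                Services = (@($_.Group.Service | Select-Object -Unique) -join ', ')
                Paths    = (@($_.Group.Path    | Select-Object -Unique) -join ', ')
            }
        }
}

function Test-GoldenSpyDomainSeen {
    # A cached resolution for the control domain from the article is a lead worth investigating.
    $hits = Get-DnsClientCache -ErrorAction SilentlyContinue |
            Where-Object { $_.Entry -like '*ningzhidata.com*' }
    return (($hits | Measure-Object).Count -gt 0)
}

# --- Constructed sample input (hypothetical service names and paths, not real findings) ---
$sample = @(
    [pscustomobject]@{ Name = 'TaxSvcA'; PathName = '"C:\Program Files\Tax\svc.exe" -run'; StartMode = 'Auto' },
    [pscustomobject]@{ Name = 'TaxSvcB'; PathName = 'C:\ProgramData\Tax\svc_copy.exe';      StartMode = 'Auto' },
    [pscustomobject]@{ Name = 'Spooler'; PathName = 'C:\Windows\System32\spoolsv.exe';     StartMode = 'Auto' }
)
$fakeHashes = @{
    'C:\Program Files\Tax\svc.exe'    = 'AAAA'   # identical hash => same binary under two services
    'C:\ProgramData\Tax\svc_copy.exe' = 'AAAA'
    'C:\Windows\System32\spoolsv.exe' = 'BBBB'
}
$offlineHasher = { param($p) $fakeHashes[$p] }.GetNewClosure()

# Offline run: flags TaxSvcA and TaxSvcB as a duplicate pair, leaves Spooler alone.
Find-DuplicateAutostartServices -Services $sample -Hasher $offlineHasher | Format-List

# Live run (elevated session): uses the real service table and real file hashes.
# Find-DuplicateAutostartServices | Format-List
# Test-GoldenSpyDomainSeen
```

The duplicate-binary check is deliberately a heuristic: legitimate products occasionally register two services from one executable, so treat a hit as a starting point for looking at what the two services do and whether they restart one another, which is the behaviour the article attributes to GoldenSpy. Because the article also notes that the Intelligent Tax uninstaller leaves GoldenSpy in place, running these checks after an uninstall is a reasonable way to confirm that the services are actually gone.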