Chinese bank requires foreign firm to install app with covert backdoor


Enlarge (credit: Jeremy Brooks / Flickr)

A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor.

The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.

Researchers from Trustwave, the security firm that made the discovery, have dubbed the backdoor GoldenSpy. With system-level privileges to a Windows computer, it connected to a control server located at ningzhidata[.]com, a domain Trustwave researchers said is known to host other variations of the malware. The backdoor included a variety of advanced features designed to gain deep, covert, and persistent access to infected computers.

Read 2 remaining paragraphs | Comments