China is a disaster that keeps on giving. After rattling the entire planet with a deadly virus that has taken the lives of over one million, the Xi Jinping red regime is now unleashing malware on foreign companies operating in mainland China, as well as on global financial institutions. After Huawei’s plan of creating a surveillance state through an intricate espionage net was thwarted, the CCP has quickly recalibrated its plans and is now aiming to undertake a much more strenuous operation to cripple countries around the globe.
U.S. cybersecurity company Trustwave Holdings issued a warning on June 25 about spyware embedded in the Chinese government-mandated Intelligent Tax software, which local banks require U.S. companies operating in China to install. Once the software is installed, the backdoor can be secretly embedded in companies’ systems, Trustwave warned.
The advice prompted the U.S. Federal Bureau of Investigation to issue a warning to American companies operating in China on July 23. The FBI warned that the value-added tax software provided by two exclusive distributors — Baiwang Cloud and Aisino Corp. — contained malware that enables backdoor access.
The spyware embedded in the Golden Tax invoicing software provided by Baiwang has been named “GoldenHelper,” while the backdoor malware hidden in Aisino’s Intelligent Tax software has been dubbed “GoldenSpy.” Trustwave has found that the two pieces of malware are actually the same software. The suspicious characteristics of GoldenSpy are:
- Covert download two hours after the Intelligent Tax software is installed.
- Two autostart services created to monitor and restart itself.
- Uninstalling the tax software does not uninstall the GoldenSpy binaries.
- Beaconing traffic to a domain that is not related to the tax software.
- Running with system-level privileges and allowing for remote code execution.
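The listed behaviours can be hunted for by correlating endpoint events against the tax software's install time. The sketch below is an added example, not code from Trustwave or the FBI; the event format, product name, paths, service names, domains and the one-hour threshold are all constructed assumptions, and it checks system-level privileges but cannot see remote code execution capability.

```python
from datetime import datetime, timedelta

# Constructed telemetry for one host. Product name, paths, service names and
# domains are placeholders, not indicators from the Trustwave or FBI reports.
DROP = r"C:\ProgramData\placeholder\svc.exe"
EVENTS = [
    ("2020-06-01T09:00", "install", {"product": "taxapp"}),
    ("2020-06-01T11:02", "file_create", {"path": DROP}),
    ("2020-06-01T11:03", "service_add", {"name": "svcA", "image": DROP, "start": "auto", "account": "LocalSystem"}),
    ("2020-06-01T11:03", "service_add", {"name": "svcB", "image": DROP, "start": "auto", "account": "LocalSystem"}),
    ("2020-06-01T11:10", "dns_query", {"image": DROP, "domain": "cdn.unrelated.example"}),
    ("2020-06-09T10:00", "uninstall", {"product": "taxapp"}),
    ("2020-06-09T10:05", "file_seen", {"path": DROP}),
]

def related(domain, vendor_domains):
    """True only for a vendor domain or a subdomain of one (no bare suffix match)."""
    return any(domain == v or domain.endswith("." + v) for v in vendor_domains)

def findings(events, product, vendor_domains, delay=timedelta(hours=1)):
    """Return the listed behaviours that this host's events show."""
    ev = [(datetime.fromisoformat(t), kind, d) for t, kind, d in events]
    installed = next((t for t, k, d in ev if k == "install" and d["product"] == product), None)
    if installed is None:
        return set()
    removed = next((t for t, k, d in ev if k == "uninstall" and d["product"] == product), None)
    # Executables written long after setup finished (threshold is an assumption).
    late = {d["path"] for t, k, d in ev if k == "file_create" and t - installed >= delay}
    svcs = [d for t, k, d in ev
            if k == "service_add" and d["image"] in late and d["start"] == "auto"]
    out = set()
    if late:
        out.add("delayed_drop")
    if len(svcs) >= 2:
        out.add("paired_autostart_services")
    if any(s["account"] == "LocalSystem" for s in svcs):
        out.add("runs_as_system")
    if any(k == "dns_query" and d["image"] in late and not related(d["domain"], vendor_domains)
           for t, k, d in ev):
        out.add("unrelated_beacon")
    if removed and any(k == "file_seen" and d["path"] in late and t > removed for t, k, d in ev):
        out.add("survives_uninstall")
    return out

if __name__ == "__main__":
    print(sorted(findings(EVENTS, "taxapp", ["taxvendor.example"])))
```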
Aisino’s parent company, China Aerospace Science & Industry Corp., or CASIC, has historically deep ties with the PLA, and therefore it doesn’t take much of a leap to figure out where the harvested data is being processed.
As usual, when called out about installing backdoor access in software that it forces foreign companies to download, China vehemently denies any wrongdoing. The fact that Germany has recommended that German companies take necessary measures based on information provided by the FBI in its reports further suggests that China has again been caught lying with its pants down.
Germany and the United States stand together against Chinese cyber espionage and targeting activity. The FBI, BKA, and BfV are warning companies about "Golden Spy" malware in China's government-mandated tax software. https://t.co/HbibjOpqAI https://t.co/Tjt3GXgHCP
— US-Botschaft Berlin (@usbotschaft) August 24, 2020
It is important to note that the US and Germany have not seen eye to eye in the last few months, due to Donald Trump and Angela Merkel’s polar political ideologies when it comes to dealing with China. However, with the intelligence agencies of both countries cooperating to unearth Chinese malware, the world should be wary of the looming threat and its scale.
It has always been believed that China pours massive amounts of money and manpower into churning data on its enemy states. As reported previously by TFI, a Shenzhen-based company named Zhenhua Data Information Technology Co. Limited had been tasked by the CCP to monitor over 10,000 prominent citizens including President Ram Nath Kovind and Prime Minister Narendra Modi, among others. The entire endeavour can be termed part of China’s ‘Hybrid-Warfare’ campaign, as Zhenhua works in close proximity with the CCP and Chinese intelligence, military, and security agencies.
A report published in Nikkei Asia suggests that Japan’s response to the malware has been uncharacteristically slow in comparison to, say, the US and Germany, and thus it could prove dangerous. Similarly, India and its companies operating in the Middle Kingdom could be at the receiving end of a similar treacherous manoeuvre. The union government should quickly round up its domain security officials and chalk out a plan to weed out any Chinese malware that might have been downloaded and could be sending sensitive information to the Politburo in Beijing.