Malware stashed in China-mandated software is more extensive than thought

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2020/07/malware-stashed-in-china-mandated-software-is-more-extensive-than-thought/

By Dan Goodin
Ars Technica
July 14, 2020

Three weeks ago, security researchers exposed a sinister piece of malware 
lurking inside tax software that the Chinese government requires companies 
to install. Now there’s evidence that the high-stealth spy campaign was 
preceded by a separate piece of malware that employed equally 
sophisticated means to infect taxpayers in China.

GoldenHelper, as researchers from security firm Trustwave dubbed the 
malware, hid inside the Golden Tax Invoicing software, which all companies 
registered in China are mandated to use to pay value-added taxes. The 
malware is able to bypass the User Account Control, the Windows mechanism 
that requires users to give their approval before software can install 
programs or make other system changes. Once that’s done, GoldenSpy can 
install modules with System-level privileges. Trustwave published its 
findings on Tuesday here.

GoldenHelper employs other tricks to conceal its malicious behavior and 
evade detection from endpoint protection systems and software. The tricks 
include:

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/