The FBI has issued a notice to some of the US companies operating in China, warning them of a backdoor found in the software that Beijing makes mandatory to install for the payment of taxes. By installing it, they are potentially exposed to remote code execution, theft of confidential information and compromise of their networks.
GoldenHelper and GoldenSpy: taxes and backdoors Made in China
The backdoor was found in the programs provided by the Chinese companies Baiwang and Aisino, the only two authorized by the central government to distribute them. The Bureau's agents themselves say they are aware of two breaches carried out through this method. Here is what the Bureau's note (Flash Alert AC-000129-TT) says.
In July 2018, an employee of a U.S. pharmaceutical company operating in China downloaded the Baiwang Tax Control Invoicing software from baiwang.com. At least until March 2019, the developer released updates that automatically installed a driver along with the tax program. In April 2019, the company’s employees discovered that it included malware capable of creating a backdoor in the company’s network.
The malware in question was later identified as GoldenHelper by Trustwave researchers.
In June 2020, a private security company reported that Intelligence Tax, Aisino Corporation’s tax software requested by a Chinese bank, contained malware capable of installing a hidden backdoor in the organization’s network.
In this case, Trustwave has labelled it GoldenSpy, an evolution of the malware mentioned above.
The FBI alert is aimed in particular at companies operating in the financial, chemical and health care sectors, considered particularly at risk because of the interest China has shown in innovations in these sectors. The Bureau does not point the finger directly at Beijing, but before being distributed the Baiwang and Aisino software goes through approval by NISEC (National Information Security Engineering Center), a state-controlled entity believed to be close to the People’s Liberation Army.