FBI/CISA Warn US Firms of State-Mandated Tax Malware
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have released a joint warning for organizations doing business in China, after news broke of an attempt to target US organizations with dangerous malware hidden in government-mandated tax software. Trustwave researchers uncovered the campaign in June after they found a backdoor in tax software that foreign companies are required to install. The backdoor, dubbed GoldenSpy, was just part of a larger campaign including more malicious backdoors and injections.
The malware was hidden and could not be removed by the victim. Trustwave eventually found another backdoor called GoldenHelper, which resembled GoldenSpy. GoldenHelper, however, was deployed throughout 2018 and 2019. After news of the backdoors broke, researchers found an attempt to cover up the scandal: an unknown actor released an uninstaller for the backdoors, which had previously been impossible to remove. The Flash alert was issued earlier this week to US businesses.