Chinese bank requires foreign firm to install app with covert backdoor

by Dan Goodin, from Ars Technica

A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor.

The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.

Researchers from Trustwave, the security firm that made the discovery, have dubbed the backdoor GoldenSpy. With system-level privileges to a Windows computer, it connected to a control server located at ningzhidata[.]com, a domain Trustwave researchers said is known to host other variations of the malware. The backdoor included a variety of advanced features designed to gain deep, covert, and persistent access to infected computers.
