Spyware
GoldenSpy
According securityweek, GoldenSpy, the malware was observed as part of a campaign that supposedly started in April 2020, but some of the identified samples suggest the threat has been around since at
According securityweek, GoldenSpy, the malware was observed as part of a campaign that supposedly started in April 2020, but some of the identified samples suggest the threat has been around since at least December 2016.
One of the compromised organizations, a global technology vendor that conducts government business in the US, Australia and UK, and which recently opened offices in China, became infected after installing “Intelligent Tax,” a piece of software from the Golden Tax Department of Aisino Corporation, which a local bank required for paying local taxes.
Although it worked as advertised, the software was found to install a hidden backdoor to provide remote operators with the possibility to execute Windows commands or upload and run files.
Family metadata imported from Malpedia (Fraunhofer FKIE).