Cybersecurity firm finds more spyware hidden in Chinese tax software

Trustwave says it has discovered a new type of malware called GoldenHelper embedded in sales tax software — a different tool than one it found previously

WASHINGTON — A security firm that last month highlighted spyware hidden in Chinese tax software issued a new report Tuesday shedding more light on how Western companies doing business in China are targeted for industrial espionage.

Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware embedded in sales tax software, a different, older malicious tool than the one they found previously.

In June, Trustwave’s SpiderLabs reported on malware they called GoldenSpy, which was hidden inside software that their client, a tech firm with ties to the U.S. defense industry, was required to install to pay local taxes. The malware secretly installed a back door that gave attackers complete access to the company’s networks, Trustwave reported.

On Tuesday, Trustwave highlighted a different piece of spyware they are calling GoldenHelper, which they say was hidden in different tax software required by Chinese banks for payment of value-added taxes. It, too, opened users to hackers, who could secretly steal corporate secrets.

"The new malware is entirely different from GoldenSpy, although the delivery modus operandi is highly similar," the report says.

The report says the GoldenHelper malware campaign was active in 2018 and 2019 before abruptly ending in July 2019. It was hidden in what is known as Golden Tax Invoicing Software, which was required of companies to help account for and pay value-added taxes, a form of sales tax, the report says.

Since the publication of the report on GoldenSpy, Trustwave said it discovered that a program had been inserted into the tax software that erased all traces of the malware.

"Whoever is behind GoldenSpy is currently scrambling to erase all traces of it," said the firm, which did not name affected clients, as is customary in the cybersecurity industry.

Trustwave did not formally point fingers at who they believe is behind the spyware, except to say it had the hallmarks of a nation-state campaign.

U.S. intelligence officials say the Chinese government relentlessly siphons corporate secrets from Western companies, a charge China denies.