welovepaster.blogg.se

Intelligent computer spy software

"We do not yet know the scope, purpose, or actors behind the threat." Their report emphasizes that the discovery of GoldenSpy generated plenty of questions that have no answer at the moment. Trustwave's research uncovered that Chenkuo Technology, whose certificate signed svm.exe, announced in October 2016 a partnership with Aisino for "big data cooperation." The security experts admit that GoldenSpy could enable big data access and collection but have no clue if Chenkuo is actively and willingly involved in this operation. Trustwave believes that the threat became active in April 2020, although they found versions with a timestamp from 2016 that have not been analyzed until this year. It fetched from 223.112.21.2:8090 a customized uninstaller called “AWX.Exe.”


The researchers note that from June 28 Intelligent Tax no longer delivered GoldenSpy to infected machines.


“In our testing, this GoldenSpy uninstaller will automatically download and execute, and effectively, will negate the direct threat of GoldenSpy in your environment, however, as the deployment of this uninstaller is delivered directly from the supposedly legitimate tax software, this has to leave users of Intelligent Tax concerned about what else could be downloaded and executed in a similar manner” - Trustwave

The uninstaller deleted registry entries, GoldenSpy files, folders, and log data and then removed itself from the system just as silently as during the initial malware installation (no permission, no notification).


Three days after exposing GoldenSpy behavior, Trustwave noticed a new component downloaded by the Aisino Intelligent Tax software that completely removed all trace of the backdoor. The researchers say that a highly similar incident occurred at a major financial institution. This behavior was observed on systems from a global technology vendor, one of Trustwave’s clients that had opened their business in China recently.


“After the first three attempts to contact its command and control server, it randomizes beacon times. This is a known method to avoid network security technologies designed to identify beaconing malware,” Trustwave said in its first report. It gets updates from a domain (“ningzhidatacom” - registered on September 22, 2019) that hosts other GoldenSpy variations. Trustwave found that the backdoor uses a different network infrastructure than Aisino’s tax software. This shows that removing GoldenSpy is far from an easy task.


It's worth noting that svm.exe is signed with a certificate from a company named Chenkuo Network Technology and its description translates to "certified software version upgrade service."

An announcement in October 2016 informs of a partnership between Chenkuo and Aisino for "big data cooperation," the researchers found. They admit that GoldenSpy could enable big data access and collection but have no clue if Chenkuo is actively and willingly involved in this operation.

An exeprotector module keeps an eye on both copies and retrieves a new version if any of the two copies are deleted. Should any of them stop, its counterpart starts running. Moreover, GoldenSpy was not installed with Intelligent Tax but downloaded and deployed silently two hours later.

Furthermore, two identical versions were installed as autostart services ("svm.exe" and "svmm.exe") for persistence on the computer.



The Aisino software has its own update mechanism and did not remove the backdoor from the system when uninstalled.


The activity observed consisted of exfiltrating basic system information and beaconing a remote server for updates. The backdoor runs with the highest privileges on the system, allowing it to execute any software, legitimate or not.

Double taxation on foreign companies

Following an investigation into suspicious behavior on systems belonging to one of their clients, researchers at Trustwave SpiderLabs found that Intelligent Tax behaved in a way that is unrelated to the GoldenSpy component.

Although the actor and the purposes behind GoldenSpy remain unclear, the researchers say that the component has characteristics similar to a coordinated advanced persistent threat (APT) campaign that focuses on foreign companies operating in China.


GoldenSpy stayed hidden in software called Intelligent Tax, from Aisino Corporation, that a Chinese bank required its company customers to install for paying local taxes. As soon as security researchers uncovered the activity of the GoldenSpy backdoor, the actor behind it fell back and delivered an uninstall tool to remove all traces of the malware.













