FBI Alert About Malware Backdoors Created by Chinese Tax Software

The FBI released a private industry warning about the risk of malware infection from Chinese tax software after two backdoors were discovered in tax software required by the Chinese government. The backdoor malware was found in software created by two Chinese firms to process the value-added tax (VAT) paid to the Chinese government. The two technology companies approved by the Chinese government to deliver the VAT software are Aisino and Baiwang. Any firm doing business in the PRC needs to use this software.

The FBI alert comes after Trustwave published two reports on backdoor malware variants known as GoldenSpy and GoldenHelper. These malware programs give their operators a backdoor into corporate networks and allow them to escalate privileges to administrator, steal intellectual property, execute code remotely, and install more malware payloads.

Two U.S. firms had already been infected by the backdoors after receiving tax software updates, which were introduced in 2018 right after modifications to the Chinese VAT regulations were implemented. The first is a U.S. pharmaceutical company found to have the GoldenHelper backdoor within its network in April 2019. An employee had downloaded the Baiwang Tax Control Invoicing software in July 2018, but it seems that the backdoor was only introduced in March 2019, after the software was updated. Besides the software updates to the primary tax program, the installation of a driver produced the backdoor.

The second firm downloaded the Intelligent Tax software program from Aisino Corporation. According to a private cybersecurity company, the GoldenSpy backdoor was most likely introduced by that software, and the company implies that GoldenSpy was a new version of GoldenHelper.

The FBI identified businesses in the finance, healthcare, and chemical industries as the most vulnerable, since state-sponsored hackers have targeted those industries in the past. The FBI made no accusation against China about adding malware to the software. However, the FBI has mentioned that a private, state-owned business known as NISEC (National Information Security Engineering Center), which has associations with China's People's Liberation Army, is supervising the two Chinese firms.

The warning came after a number of companies that read the two Trustwave reports came forward to say they were also infected with the malware.