Last month, users were warned that the Intelligent Tax software product by the Aisino Corporation was found to have the GoldenSpy backdoor hidden within it. Now it appears that GoldenSpy was not the only malware hidden within Chinese corporate tax software: the GoldenHelper malware was found in the Golden Tax Invoicing Software from Baiwang. While GoldenHelper is functionally different from GoldenSpy, both share a similar delivery method. They utilize three DLLs to interface with the Golden Tax software, bypass Windows security, escalate privileges, and download and execute arbitrary code. GoldenHelper also uses a number of obfuscation techniques to evade detection, including name randomization while in transit. From January 2018 to July 2019, GoldenHelper was found to install a final payload named “taxver.exe,” though no samples have been analyzed at this time.