Here is another reason to never use Windows: A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. A local bank required the company to install another program that contained an advanced backdoor.
The cautionary tale, detailed in a report published Thursday, said the software package, called Intelligent Tax and produced by Beijing-based Aisino Corporation, worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. It was also digitally signed by a Windows trusted certificate.
Researchers from Trustwave, the security firm that made the discovery, have dubbed the backdoor GoldenSpy. With system-level privileges to a Windows computer, it connected to a control server located at ningzhidata[.]com, a domain Trustwave researchers said is known to host other variations of the malware. The backdoor included a variety of advanced features designed to gain deep, covert, and persistent access to infected computers.
The details are available in an article by Dan Goodin in the Ars Technica web site at: https://bit.ly/3eBcGbT.
GoldenSpy has also been found in web sites that supply tax software. With the GoldenSpy malware, hackers can remotely connect to the infected system to run Windows commands, create new users, move laterally, and upload code to execute other malware. They possibly might be able to access the local network through the infected Windows computer to obtain data stored on servers and other computer systems attached to the same network.
One has to wonder how many other banking and other financial web sites already have GoldenSpy or similar spyware products installed. Is it already installed and running on your Windows system?