07-29-2020 , 06:53 AM
https://www.pandasecurity.com/mediacente...ack=180715
State-sponsored malware – a real and present danger
July 28, 2020
Last week on the Panda Security blog we reported the first annual fall in malware attacks that we could remember. But as we noted at the time, we all need to stay vigilant because cybercriminals continue to develop new attacks.
It is also worth noting that cybercriminals are not the only source of malware. A recent study has found that national governments are also deploying malware as a way to spy on citizens and foreign companies.
A back door into the bank
Take GoldenSpy malware, for instance, which collects information from infected computers and sends it back to a server in China. What makes this particular infection unusual is where it comes from – tax software.
Any business trading in China is required by law to install a specific application that automatically calculates tax. According to the Chinese government, this system ensures that companies cannot avoid paying taxes they owe to the state.
The problem is that those businesses cannot avoid installing GoldenSpy either. The malware is built into the application by the developers on purpose. And once installation has completed, the Chinese authorities have a backdoor into the infected computer, and a foothold in the company’s network.
State-sponsored hackers can then add new users, attack other systems inside the network, or steal intellectual property and commercially sensitive information. And the malware has been designed to reinstall itself if anyone tries to remove it.