Expert Comments

Comments On Cybersecurity Firm Finds More Spyware Hidden In Chinese Tax Software

Expert(s): Security Experts
Expert(s): Security Experts

A security firm that last month highlighted spyware hidden in Chinese tax software issued a new report Tuesday shedding more light on how Western companies doing business in China are targeted for industrial espionage. Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware they say was embedded in sales tax software — a different, older malicious tool than the previous one they found. In June, Trustwave’s SpiderLabs reported on malware they called GoldenSpy, which was hidden inside software that their client, a tech firm with ties to the U.S. defence industry, was required to install to pay local taxes. The malware secretly installed a back door that gave attackers complete access to the company’s networks, Trustwave reported.

Experts Comments

July 16, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Sometimes it's hard to avoid using tax software in countries where there are no secure alternatives, the law is unfamiliar, and there are language barriers. I recommend any company that insists on using Chinese tax software do so on an isolated device with no access to the company's network or other resources. A virtual machine might be suitable so long as it's set up in a secure way. This way, if the device gets infected, it can't spread to other devices on the company network and won't find.....Read More
Sometimes it's hard to avoid using tax software in countries where there are no secure alternatives, the law is unfamiliar, and there are language barriers. I recommend any company that insists on using Chinese tax software do so on an isolated device with no access to the company's network or other resources. A virtual machine might be suitable so long as it's set up in a secure way. This way, if the device gets infected, it can't spread to other devices on the company network and won't find anything to steal on the local device.  Read Less
July 16, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
The GoldenSpy and GoldenHelper revelations are just the latest in a series of malware/spyware apparently installed on the computers of U.S. corporations doing business in China. U.S. officials have long believed the Chinese government actively steals corporate secrets from U.S. corporations, some of who are involved in the U.S. defence industry. Incidents such as this underscore the need for corporations to practice safe computing measures, spend more money on protecting their computer.....Read More
The GoldenSpy and GoldenHelper revelations are just the latest in a series of malware/spyware apparently installed on the computers of U.S. corporations doing business in China. U.S. officials have long believed the Chinese government actively steals corporate secrets from U.S. corporations, some of who are involved in the U.S. defence industry. Incidents such as this underscore the need for corporations to practice safe computing measures, spend more money on protecting their computer networks, and educate their employees and executives on safe computing practices. Users need to stay alert for any situation that may indicate spyware or malware has infected their systems.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Expert Comments – Travis CI Flaw Reveals *All* Keys, Credentials,...

Misconfigured APIs Make-Up Two-Thirds of Cloud Breaches

Epik Data Breach- Blue Hexagon Comments

Former US Intel Operatives Fined $1.6M For Hacking For A...

Microsoft Lets Users Go Passwordless, Experts Weigh In

Security Expert Re: New OWASP Top 10 List for Application...

Microsoft Patch Tuesday Expert Commentary

Deloitte Poll: C-suite Expects Ransomware Uptick But Orgs. Aren’t Trained...

What Expert Says On The Latest OMI Vulnerability In Azure

Expert Reacted On High Severity Vulnerability Found In HP’s Popular...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy