Expert Comments

Comments On Cybersecurity Firm Finds More Spyware Hidden In Chinese Tax Software

Expert(s): Security Experts
Expert(s): Security Experts

A security firm that last month highlighted spyware hidden in Chinese tax software issued a new report Tuesday shedding more light on how Western companies doing business in China are targeted for industrial espionage. Analysts at cybersecurity firm Trustwave say they have discovered a new type of malware they say was embedded in sales tax software — a different, older malicious tool than the previous one they found. In June, Trustwave’s SpiderLabs reported on malware they called GoldenSpy, which was hidden inside software that their client, a tech firm with ties to the U.S. defence industry, was required to install to pay local taxes. The malware secretly installed a back door that gave attackers complete access to the company’s networks, Trustwave reported.

Experts Comments

July 16, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Sometimes it's hard to avoid using tax software in countries where there are no secure alternatives, the law is unfamiliar, and there are language barriers. I recommend any company that insists on using Chinese tax software do so on an isolated device with no access to the company's network or other resources. A virtual machine might be suitable so long as it's set up in a secure way. This way, if the device gets infected, it can't spread to other devices on the company network and won't find.....Read More
Sometimes it's hard to avoid using tax software in countries where there are no secure alternatives, the law is unfamiliar, and there are language barriers. I recommend any company that insists on using Chinese tax software do so on an isolated device with no access to the company's network or other resources. A virtual machine might be suitable so long as it's set up in a secure way. This way, if the device gets infected, it can't spread to other devices on the company network and won't find anything to steal on the local device.  Read Less
July 16, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
The GoldenSpy and GoldenHelper revelations are just the latest in a series of malware/spyware apparently installed on the computers of U.S. corporations doing business in China. U.S. officials have long believed the Chinese government actively steals corporate secrets from U.S. corporations, some of who are involved in the U.S. defence industry. Incidents such as this underscore the need for corporations to practice safe computing measures, spend more money on protecting their computer.....Read More
The GoldenSpy and GoldenHelper revelations are just the latest in a series of malware/spyware apparently installed on the computers of U.S. corporations doing business in China. U.S. officials have long believed the Chinese government actively steals corporate secrets from U.S. corporations, some of who are involved in the U.S. defence industry. Incidents such as this underscore the need for corporations to practice safe computing measures, spend more money on protecting their computer networks, and educate their employees and executives on safe computing practices. Users need to stay alert for any situation that may indicate spyware or malware has infected their systems.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Report Says Russian Hackers Haven’t Eased Spying Efforts, Expert Weighs...

BitMart Attack – Combatting Cyber Criminals’ Crypto Appetite

Expert Comments: Spar Stores Hit By Major Cyberattack

Expert Comment: Ceeloader Malware

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts