Recently, I see a certain tendency by the West to accuse Russia and China of all the evil in this world. At least when it comes to cyber-sec. The rest is mostly off the margin. Either you can take it for granted, or you can blame it for russ / chinese-phobia.
But if you believe Trustwave for a moment, it turns out that the Chinese government’s Intelligent-Tax tax app has spyware in it.
You could say that this is China’s problem, and if that’s what their government decided, let them live like that.
Well, not necessarily. Well, if you run a company and would like to establish your branch in China, and you want to have an account with a local bank, you need to settle accounts using this application.
What’s the deal with this backdoor?
Firstly, its installation is forced by a Chinese bank (it is not known which one exactly). The application itself has a Trojan module that works covertly and has been detected by observing the network traffic that this Trojan generates. It turns out that this backdoor can, among others:
– run any command in Windows,
– download data,
– upload and install any software.
Adding to the flavor is the fact that uninstalling this application will not uninstall the Trojan module at all.
The Trojan itself, apart from its functions described above, installs itself in 2 copies in the Autostart. Why? Because if any copy detects that its twin has been stopped, it restarts it. In the background there is also a third module which, after detecting the absence of 2 of its colleagues, downloads and installs them.
Quite a lot of effort from the usual government tax counting application, right?
It turns out, however, that not every bank customer had to get this application. It is very likely that only those selected (by the government) got the “special” version of this software. Trustwave described this in his report.
Do you have a company in China? What to do?
My advice is: it’s best to install the software on a virtual machine or a separate computer. You can never be too careful.