The software poses a major security risk to victim companies, which are required to use one of only two approved programs to pay their taxes, both of which have been found to contain embedded vulnerabilities, according to Trustwave, the cybersecurity firm.
Because of these security issues, the FBI sent out a warning Thursday to companies in the health care, chemical and finance industries, the technology news outlet ZDNet reported.
The FBI is warning that the malware gives whoever controls it the potential ability to “conduct remote code execution and exfiltration activities on the victim’s network,” according to the outlet.
Near the end of last month, analysts at Trustwave announced they had uncovered the new type of malware, which they called “GoldenSpy,” hidden in tax payment software required by a state-owned Chinese bank for use by corporations that do business in China.
The firm was working on behalf of an unidentified company with ties to the US, Australia and UK that had only recently set up offices in China.
“We identified an executable file displaying highly unusual behavior and sending system information to a suspicious Chinese domain,” the firm said on June 25. “Discussions with our client revealed that this was part of their bank’s required tax software.”
The company had been required to use the software in order to pay local taxes. Trustwave said it was uncertain whether the malware was embedded in all of the tax software or if it was deployed against specific targets.
On July 14, Trustwave said it had uncovered an older, similar but distinct version of embedded malware, also linked to China’s tax system, which it called “GoldenHelper.”