A recent publication by cybersecurity firm Trustwave revealed that a Chinese bank compelled at least two Western companies to deploy malware-laced tax software on their systems. These firms are a technology/software vendor and a major financial institution headquartered in the United Kingdom, both of which have recently established offices in China.

Trustwave explained that a discussion with its client revealed that the so-called "malware" was part of the tax software required by the Chinese bank. It turned out that the local Chinese bank had told them to install a software kit named "Intelligent Tax" for paying local taxes. This software is produced by the Golden Tax Department of Aisino Corporation.

Trustwave, which supported the UK software vendor with cybersecurity services, stated that it managed to identify the malware after detecting unusual network requests emanating from its client's network. The security firm said that the bank's tax software operated as advertised and did allow its client to pay local taxes, but it also had a secret backdoor installed.

The GoldenSpy malware

The backdoor, codenamed GoldenSpy by Trustwave, ran with SYSTEM-level access, allowing a remote intruder to run Windows commands or import other applications into the compromised system.

Many types of software today include remote-access features for debugging purposes. Nonetheless, Trustwave reported finding features that have no legitimate use elsewhere and are most commonly seen in malware. For instance, GoldenSpy installs two identical versions of itself, both of which run on autostart. In addition, the software uses an exeprotector element that watches for the removal of either install. Once one is removed, a new copy is downloaded and installed. As a result, it is extremely difficult to delete this file from an infected system.
Furthermore, the uninstall feature of the Intelligent Tax program will not remove GoldenSpy. Even after the tax software is removed entirely, the questionable piece of software remains running as an open backdoor.

Another thing that looks suspicious in GoldenSpy's behavior, according to the security firm, is that it is installed on the system only after a full two hours have passed since the tax software installation completed. This is quite unusual for official software. What is more, when GoldenSpy finally is installed, it does so without showing any system notification.

In addition, GoldenSpy does not connect to the tax software's network infrastructure (i-xinnuocom) but instead reaches out to ningzhidatacom, a domain known to host other variations of malware with similar behavior.

But even though Trustwave was able to detect the hidden backdoor within the Aisino Intelligent Tax software, it could not determine how it got inside. The security company said it could not determine whether Chinese government hackers created the malicious software, whether it was secretly incorporated by one of the bank's red-doors employees, or whether it was built by someone at the Aisino Corporation. It was also unclear whether Chinese intelligence had pressured the bank or the Aisino Corporation to add malware to their official software so that it could spy on a foreign company, or whether this was just a hacker's attempt at personal or financial gain.

While these questions remain unanswered, Trustwave is alerting other companies doing business in China that may have installed the same software to take the published incident as a warning. It urges companies that have the Aisino Intelligent Tax Program to take the countermeasures described in its technical report in order to avoid potential system exploitation.