The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities.
In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software as Intelligent Tax, which was reportedly developed by China-based Aisino Corporation, and digitally signed by a second Chinese company, Chenkuo Network Technology. It is unknown if the bank (which Trustwave left unnamed), Aisino, Chenkuo Network Technology, or another party such as the Chinese government was actively behind the scheme.
Now, in a follow-up blog post, Trustwave reports that it observed the new uninstaller, called AWX.exe, on June 28.
Trustwave says the purpose of the installer is to delete any trace of evidence that GoldenSpy ever existed on an infected machi ..
Support the originator by clicking the read the rest link below.
