Last week on the Panda Security blog we reported the first annual fall in malware attacks that we could remember. But as we noted at the time, we all need to stay vigilant because cybercriminals continue to develop new attacks.
It is also worth noting that cybercriminals are not the only source of malware. A recent study has found that national governments are also deploying malware as a way to spy on citizens and foreign companies.
A back door into the bank
Take GoldenSpy malware, for instance, which collects information from infected computers and sends it back to a server in China. What makes this particular infection unusual is where it comes from – tax software.
Any business trading in China is required by law to install a specific application that automatically calculates tax. According to the Chinese government, this system ensures that companies cannot avoid paying taxes they owe to the state.
The problem is that those businesses cannot avoid installing GoldenSpy either. The malware is built into the application by the developers on purpose. And once installation has completed, the Chinese authorities have a backdoor into the infected computer, and a foothold in the company’s network.
State-sponsored hackers can then add new users, attack other systems inside the network, or steal intellectual property and commercially sensitive information. And the malware has been designed to reinstall itself if anyone tries to remove it.
The importance of protection
China operates a significant state surveillance operation that tracks and traces citizens and foreign visitors at all times. Online activity is significantly limited and certain apps and services will not work at all. Fortunately, China is a worst-case example – very few countries are quite so blatant or controlling.
Even if you never visit China, however, GoldenSpy is an important warning – malware can be found almost anywhere. Even regular hackers now spend a lot of time and effort trying to ‘poison’ official applications.
Why? Because we automatically trust applications supplied by a trusted brand. The malware may also be able to ‘borrow’ the digital security certificate credentials belonging to the app, allowing it to defeat some of the safeguards built into operating systems like Windows and Mac OS. We almost never check official downloads for malware and viruses because we assume they will be safe. Unfortunately, this is not always the case.
The only workable solution is to ensure your system is protected by an intelligent, up-to-date anti-malware suite like Panda Dome. Panda Dome monitors all system activity to automatically detect and block anything suspicious. Anti-malware makes none of the assumptions we do – it blocks everything suspicious, even if it comes from an official source.