'GoldenSpy' Malware Uninstaller Delivered to Victims Following Public Exposure

Within days of the publication of a report detailing the GoldenSpy malware operation targeting organizations doing business in China, an uninstaller was pushed to affected systems to completely remove the infection.
Designed to provide attackers with unfettered access to victim networks, with SYSTEM privileges, the GoldenSpy malware is believed to have been around since 2016, but it's unclear how many organizations it might have compromised to date.
"In our testing, this GoldenSpy uninstaller will automatically download and execute, and effectively, will negate the direct threat of GoldenSpy in your environment as the deployment of this uninstaller is delivered directly from the supposedly legitimate tax software, this has to leave users of Intelligent Tax concerned about what else could be downloaded and executed in a similar manner," Trustwave notes.
A second version of the GoldenSpy uninstaller was observed on June 29, only hours after the initial variant emerged.
Analysis of the uninstaller also revealed that it removes GoldenSpy by following the exact malware removal steps that Trustwave included as recommendations in its report.