Multiple Uninstallers Released for China-Linked 'GoldenSpy' Malware
The GoldenSpy malware was initially detailed in late June and had likely been deployed since April 2020 via an official tax application that foreign companies doing business in China are required to install.
In late June, soon after the initial report on GoldenSpy was published, the actors behind it used the update mechanism within the tax software to deliver an uninstaller to the infected machines, completely removing the malware and additional artifacts, including the uninstaller itself.
Today, Trustwave revealed that a total of five GoldenSpy uninstallers have been released to date, some of which have been uploaded to public repositories, thus increasing their detection rates.
"Understanding the attackers were watching our every move to help organizations impacted by GoldenSpy, we waited a period-of-time and quietly kept tracking with our threat hunting strategy. What we found is that they are continuing to push new GoldenSpy uninstallers - so far we have discovered five variants totaling 24 uninstaller files," Trustwave says.
On their website, the company provides two files for download, which Trustwave identified as being a GoldenSpy dropper and the GoldenSpy uninstaller.