HOMETHREATSGoldenSpy
MALWARE FAMILY

GoldenSpy

Internal ID: win.goldenspy
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According securityweek, GoldenSpy, the malware was observed as part of a campaign that supposedly started in April 2020, but some of the identified samples suggest the threat has been around since at least December 2016.

One of the compromised organizations, a global technology vendor that conducts government business in the US, Australia and UK, and which recently opened offices in China, became infected after installing “Intelligent Tax,” a piece of software from the Golden Tax Department of Aisino Corporation, which a local bank required for paying local taxes.

Although it worked as advertised, the software was found to install a hidden backdoor to provide remote operators with the possibility to execute Windows commands or upload and run files.

Threat Analysis

GoldenSpy is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

External References

Quick Facts

TypeMalware Family
Aliases1

Also Known As

win.goldenspy

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
GoldenSpy — Malware Family | Threat Intelligence | CTIWATCH.COM