Spyware-like features have been discovered inside an app named “Beijing One Pass” that foreign companies operating in China are forced to install on their systems in order to access a digital platform to manage employee state benefits.
The spyware behavior was discovered last month by Insikt Group, the threat research division of Recorded Future, which analyzed a copy received from a customer who was forced to install the suspicious app on its systems.
According to the team’s analysis, the app contained features that could be considered “suspicious for a benefits software application” and which are ordinarily found in malware strains. This included features such as:
The suspicious app, shown in the image above, was developed by the Beijing Certificate Authority (BJCA), a Chinese state-owned company primarily known for its certificate authority (CA) business.
At the time of writing, it is unclear if the spyware features were added inside the Beijing One Pass software on purpose or if they were inserted after a compromise of the company’s software development pipeline.