Emails purporting to be from the Australian corporate regulator and loaded with malware are filling inboxes around the country, according to local email filtering company, MailGuard.
The attack began just after the start of the working day on 10 July and quickly escalated to become one of the largest-scale malware deliveries to be identified by MailGuard within the past year.
The exploit, which is delivered via an email pretending to be from the Australian Securities and Investments Commission (ASIC), tells recipients that their business name is due for renewal, directing them to click on a link to download a renewal notice.
However, the link downloads a .zip archive file, which contains a malicious JavaScript file.
“While the exact type of malware isn’t clear – it could be anything from a virus to ransomware – the point of it is to disrupt, damage or gain control of a computer system or data,” MailGuard CEO, Craig McDonald, said in a statement.
MailGuard has outlined a number of telltale signs that potential targets can use to identify the dodgy email.
First, the email appears to be from ‘ASIC Messaging Service’, and is sent from the domain ASIC.Transaction.No-reply @ asicdesk. com [altered] – the domain was recently registered in China.
The subject line of the email is “Renewal”, while the well-formatted message contains ASIC branding and government coat of arms.
It stands out, however, due to a lack of personalisation, simply addressing the recipient as “Dear customer”. This is something legitimate agencies don’t do, according to MailGuard.
The email also provides details on how to renew a business name, telling recipients they can pay for the fake renewal with their credit card or by requesting an invoice.
“The payment tips are just part of the scam; the cybercriminals want victims to download the malicious attachment rather than to open their wallets,” McDonald said.
Finally, the suspect email is signed off by “Myra Tango, Senior Executive Leader, Registry”. No employee by that name appears to exist at ASIC, according to MailGuard.
This is not the first time ASIC has been used as a false identity for malware-laden emails, with similar scams landing in January, March and May.
The new wave of malware comes just days after MailGuard released details of another email scam targeting Microsoft Windows users.
In that scam, the sender pretends to be forwarding a document from the Australian Taxation Office (ATO) supposedly intended for the end victim. The sender claims to have mistakenly received the victim’s tax information and asks what should be done to solve the problem.
By asking the recipients if they received a particular document with a link to the document in question, it lures the person into clicking on a link to a document loaded with malware.
