A new round of malware has hit users across Australia, with scammers impersonating the Australian Securities and Investments Commission (ASIC) through a series of malicious emails.
According to reports, a domain set up in Hong Kong on 29 May is being used to impersonate the Australian corporate watchdog via email to infect local computers with malware.
The email blast is still under way, with tens of thousands of copies already distributed, containing a link to a malicious file capable of compromising a computer or system.
Claiming to be from the ‘ASIC Messaging Service’, the letter tells recipients to click a link to see a ‘company renewal’ letter. Instead, the link triggers the download of a malicious file.
The scam originates from the domain australiangovernments.com, set up on 29 May via a registrar based in Hong Kong.
“It’s not the first time ASIC has been falsely represented by scammers,” MailGuard CEO Craig McDonald told ARN.
In early March a similarly large distribution of fake ASIC emails hit inboxes, while in late January, ASIC was again mimicked by cyber criminals.
While the new attack contains ASIC branding, McDonald said it doesn’t address recipients by name or contain any information about the company name that supposedly needs renewal.
Specifically, it’s signed off by Ashley Hughes, apparently 'senior executive leader' at the government agency yet no staff member by that name appears to exist at ASIC.
“Those who click to the link inadvertently download a malicious JavaScript file housed within a zip file on a compromised SharePoint site,” McDonald explained.
“The scammers have taken steps to evade detection, setting up their domain with SPF, DKIM and reverse DNS to avoid common anti-spam checks.”
While the exact type of malware isn’t clear – McDonald said it could be anything from a virus to ransomware, and is generally designed to disrupt, damage or gain control of a computer system or data.
“Malware can reformat your hard drive, alter, delete or encrypt files, steal sensitive information, send unauthorised emails, or take control of your computer and all of the software on it,” McDonald added.
The real ASIC website has warned about scams targeting ASIC customers.
“Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name,” ASIC stated.
“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.”
