Malware-loaded emails purporting to be from Australia’s corporate regulator are doing the rounds again, with two huge loads dropping in Aussie inboxes over the past two days.
Email filtering company, MailGuard, revealed earlier this month that emails pretending to be from the Australian Securities and Investments Commission (ASIC) were filling inboxes around the country.
The exploit told recipients that their business name is due for renewal, directing them to click on a link to download a renewal notice. However, the link downloaded a .zip archive file, which contains a malicious JavaScript file.
On 19 July, MailGuard CEO, Craig McDonald, revealed that the company had seen two fresh rounds of the fake emails hit inboxes around the nation over the past two days.
“We’ve had two huge ASIC malware emails in the past two days. Yesterday’s ended up being particularly enormous,” a spokesperson for the company told ARN.
Another huge run of fake ASIC emails circulating this morning. Don't click the link - it downloads malware. @asic_connect @asicmedia #scam pic.twitter.com/2w6Nu6oLl0
— Craig McDonald (@CraigEMcDonald) July 19, 2017
According to MailGuard, both of the fresh waves of the dodgy email were the same type of scam attempt the company revealed on 11 July, with the same features.
However, the wave of emails that hit on 19 July was sent from a domain registered in China on 16 July.
Like the previous rounds, the formatting in the new load of emails is correct and looks convincing. The display name is ASIC Messaging Service, while the sending address is asic.transaction.no-reply @ federalgovernmentaustralia . com (altered).
Likewise, the "Pay now - business name renewals" link in the email is a legitimate ASIC link. However, the "renewal notice" is a malicious link to the hosted .zip file.
“Yesterday’s attempt was very similar,” the spokesperson told ARN. “But it sent from a domain registered in Cyprus.”
When MailGuard first reported on the fake ASIC email exploit in early July, it claimed it was one of the largest-scale malware deliveries to be identified by the company within the past year.
However, it was not the first time ASIC has been used as a false identity for malware-laden emails, with similar scams landing in January, March and May.
The fresh round of fake ASIC emails come just days after MailGuard spotted loads of new Origin-branded emails being sent to Aussie inboxes.
This was at least the fourth time Origin Energy has had its brand hijacked in a large-scale malware attack in the past two months, according to MailGuard.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.