Australian Inboxes Hit With Fake ASIC Malware


If you live Down Under, you might want to stick to the old-fashioned kind of surfing and avoid the web today. Not for the first time — not even for the first time this year — cybercriminals have posed as the Australian Securities and Investments Commission (ASIC), Australia’s corporate regulator, to deliver malware to swaths of email inboxes.

Local email filtering company MailGuard said it was one of the largest-scale malware cyberattacks it had identified within the past year.

The fake email tells business owners that the name of their business is due for renewal and to click the link to download a renewal notice. But instead of a renewal notice, victims are downloading a zipped archive file containing a malicious JavaScript file.

The email also includes details on how to renew a business name, including directions for making the renewal payment. However, MailGuard said the payments are secondary; the criminals’ real goal is to get their malware downloaded onto as many computers as possible.

On Monday, July 10, when the cyberattack first struck and news of it spread, MailGuard said it was not yet sure what type of malware it was dealing with. It could be a virus or ransomware. But the intent was clear: The sender hoped to disrupt, damage or take over a computer system or data, MailGuard said Monday.

This is the fourth time this year — as in, 2017; as in, the last six months — that a scam has used the ASIC name to slip malware into masses of inboxes.

The email looks legitimate, featuring ASIC’s branding and the Australian government’s coat of arms. With a straightforward subject line — simply, “Renewal” — and clean formatting, it’s no wonder people have fallen for the scam.

MailGuard noted three telltale signs could have alerted victims that the message was a scam.

First, the domain of origin, asicdesk.com, was recently registered in China. Second, the letter begins, “Dear customer” instead of addressing the recipient by name; official agencies will always use your name, MailGuard said. Third, it should always throw up a red flag when an email asks you to send money. And finally, the letter is “signed” by a “Myra Tango, Senior Executive Leader, Registry.”

Myra Tango does not exist. At least, not at ASIC. A Google search would have revealed as much. The bottom line for cybersecurity is this: Be vigilant out there and remember that the sharks in the surf aren’t the only ones you have to look out for.
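The warning signs above can also be checked automatically at a mail gateway. The following is an added example, not MailGuard's or ASIC's code: it flags the sender-domain, greeting and payment signs in a message and lists script files inside a downloaded archive without extracting it. It assumes asic.gov.au is the regulator's official domain; the sample message, the archive and all function names are constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.utils import parseaddr

OFFICIAL = "asic.gov.au"  # assumption: the regulator's real mail domain
SCRIPT_EXT = (".js", ".jse", ".wsf", ".vbs", ".hta")

def email_signs(raw: str) -> list[str]:
    """Return the warning signs from the article that this message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    signs = []
    # Sign 1: the brand name appears in a domain that is not the official one.
    if "asic" in domain and domain != OFFICIAL and not domain.endswith("." + OFFICIAL):
        signs.append("lookalike-domain")
    # Sign 2: generic greeting instead of the recipient's name.
    if re.match(r"\s*dear\s+(customer|client|user|sir|madam)\b", text, re.I):
        signs.append("generic-greeting")
    # Sign 3: the message asks for money.
    if re.search(r"\b(payment|pay\s+now|renewal\s+fee|invoice)\b", text, re.I):
        signs.append("payment-request")
    return signs

def script_members(zip_bytes: bytes) -> list[str]:
    """List script files inside an archive by name only, never extracting."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXT)]

# Constructed samples modelled on the article's description, not the real
# email or payload: the .js member below is an inert placeholder.
SAMPLE = (
    "From: ASIC Registry <no-reply@asicdesk.com>\n"
    "Subject: Renewal\n"
    "\n"
    "Dear customer,\n"
    "Your business name is due for renewal. Download the notice and\n"
    "follow the payment instructions below.\n"
)

def sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Renewal_Notice.js", "// placeholder, no code")
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    print(email_signs(SAMPLE), script_members(sample_zip()))
```

A renewal notice has no reason to arrive as a script file, so any hit from `script_members` is grounds to quarantine the download regardless of how the email itself scores.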