Malware your own business is back in time for EOFY

Chris Player | June 27, 2017
Accounting company MYOB impersonated by cyber crooks, again.

Australian accounting software company MYOB has had its brand hijacked in a malware scam for the second time this year.

Distribution of the malicious emails began on the afternoon of Tuesday 20 June, according to email filtering company MailGuard, and quickly escalated to become one of the biggest scam email influxes detected by the company in the past 12 months.

The malicious invoices purport to come from various companies, and include ‘Powered by MYOB’ branding at the bottom of the message in an effort to convey legitimacy, MailGuard said.

The company added that the email trades on the trusted reputation of the Australian software company – and the innocent suppliers whose names are used in an attempt to dupe people into clicking the link. It’s a common tactic used by cybercriminals.

“By targeting popular brands, recipients are more likely to have a relationship with the company being impersonated. That’s an instant foot in the door,” MailGuard CEO Craig MacDonald said.

He added that it was not just direct customers at risk.

“Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link,” he said.

“This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers.”

In keeping with the pattern of similar recent campaigns, MailGuard said the ‘view invoice’ button in the email links to a hosted .ZIP file containing malware.

The domain for the hosted file was registered on 20 June with a China-based registrar.

MailGuard said the sender display name varies but the displayed (and actual) sending address is noreply @ financialaccountant .info [altered].

The ‘View invoice’ button links to a .ZIP archive file which contains a malicious JavaScript file.

The malware steals private information from local Internet browsers; installs itself for autorun at Windows startup; and implements a process that significantly delays the analysis task.
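
A mail or web gateway can act on the delivery detail MailGuard describes, a .ZIP archive carrying a JavaScript file, by inspecting archive contents before the file reaches a user. The following is an added example, not part of the original article or MailGuard's tooling; the extension list, limits, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Script types that Windows runs on double-click (assumed policy list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 3                         # nested-archive levels to unpack
MAX_NESTED_BYTES = 20 * 1024 * 1024   # skip oversized nested archives


def find_script_members(data, depth=0, prefix=""):
    """Return paths of script files found inside a ZIP supplied as bytes.

    Archives that cannot be inspected are reported, never silently passed.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Windows ignores trailing dots and spaces, so strip them first.
            ext = posixpath.splitext(name.lower().rstrip(". "))[1]
            if ext in SCRIPT_EXTS:
                hits.append(prefix + name)  # also catches "invoice.pdf.js"
            elif ext == ".zip":
                encrypted = bool(info.flag_bits & 0x1)
                if depth >= MAX_DEPTH or encrypted or info.file_size > MAX_NESTED_BYTES:
                    hits.append(prefix + name + " <not inspected>")
                else:
                    hits += find_script_members(
                        archive.read(info), depth + 1, prefix + name + "!")
    return hits


def build_sample():
    """Constructed sample: a decoy text file plus a nested ZIP holding a .js file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Invoice_0001.pdf.js", "// constructed placeholder\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("docs/invoice.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(find_script_members(build_sample()))
```

Any non-empty result is a reason to quarantine the archive for review rather than deliver it.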
