Australian cybersecurity agency used as cover in malware campaign

The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware.

Scammers coordinating these attacks are also actively attempting to convince potential victims to install remote administration and desktop sharing software with the end goal of stealing the targets’ banking information.

“The Australian Cyber Security Centre (ACSC) warns some Australians are receiving phone calls or emails from scammers claiming to be ACSC employees and that the receiving person’s computer has been compromised,” the cybersecurity agency warned.

The emails sent by these threat actors masquerade as official messages delivered by the ACSC which try to persuade Australians on the receiving end to download antivirus software via malicious links.

Once they download it and launch it on their computers, the victims will infect themselves with an undisclosed malicious software that could potentially allow the scammers to take over their computers and steal sensitive information.

Reports of scam phone calls targeting banking info

“Further to the emails, there have been reports of cybercriminals calling individuals from a spoofed Australian phone number requesting they download ‘TeamViewer’ or ‘AnyDesk’ onto their device to help resolve malware issues,” the ACSC added.

“The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information.”

Australians who have been targeted in this campaign or want to find more about these ongoing attacks are advised to reach out to the ACSC by calling 1300 292 371 (1300 CYBER 1).

Last year, the ACSC also warned of phone scammers impersonating Australian government agencies and businesses.

As part of these attacks, the scammers tried to persuade their targets to hand over credentials which they could later use to install remote access apps to log into victims’ bank and online accounts to steal financial info.

Those targeted by such remote access scams are urged to abide by these recommendations:

  • If you’ve received one of these calls but have not engaged with the scammer, you can report it to Scamwatch.
  • If the cybercriminal has accessed your device via Team Viewer, Zoho Assist or AnyDesk, you should report it to ReportCyber and immediately notify your bank. Your financial institution may be able to put a temporary freeze on your financial accounts.
  • To prevent further compromise, you should also change passwords on all your important online accounts including banking, email and social media, and turn on two-factor authentication for extra security.