Researchers said at the campaign's peak on Sunday mid-morning, thousands of emails containing malicious attachments were being distributed per minute.
Researchers said at the campaign's peak on Sunday mid-morning, thousands of emails containing malicious attachments were being distributed per minute.

MailGuard researchers spotted a phishing campaign impersonating Australian payment solutions software firm MYOB in order to spread malware.

Researchers said at its peak on Sunday mid-morning, thousands of emails containing malicious attachments disguised as malicious invoices were being distributed per minute, according to a release.

Scammers tell victims they owe between $6300 and $6400, with the amount due today, in an email that looks like a legitimate invoice from a company using MYOB software. The phony emails even link to the real MYOB website and are sent from a newly registered myob-austrailia(dot)com domain to seem even more legitimate, researchers said.

Those who click on the malicious attachment are redirected to a compromised SharePoint website, which hosts a Trojan in the form of a JavaScript file while other versions point to a zip file which encloses the malicious Javascript payload.  

Researchers recommend users watch for strange sentence structure, or phrasing uncommon to the apparent sender, never sidestep formal processes for payments and call sender if in doubt, among other security best practices.

MYOB siad that they are always disappointed to hear when people are impacted by these type of scams and that should go to MYOB's community pages or contact on of their centers to check the validity of an invoice.

The company said "legitimate invoices will only come from accountright@apps.myob.com or noreply@apps.myjob.com addresses from its small business products,"the company told SC Media. "In addition, in genuine emails links to external sites will always start with links.apps.myjob.com."

UPDATE: This story has been updated to include comments from MYOB.