Beware, that Social Security email could be hiding dangerous malware


  • Security researchers from Cofense spot multiple phishing emails impersonating the US Social Security Administration
  • The goal was to deploy the ConnectWise Remote Access Trojan
  • The email frequency increased in the days leading up to the 2024 US presidential elections

Cybercriminals are impersonating the US Social Security Administration in an attempt to install Remote Access Trojan (RAT) malware on people’s devices, experts have warned.

Cybersecurity researchers at Cofense observed a phishing campaign that slowly picked up pace in the days and weeks leading up to the 2024 US presidential elections.

The goal of the campaign was to distribute the ConnectWise RAT, a malicious use of the otherwise legitimate software ConnectWise Control (formerly ScreenConnect).

ConnectWise RAT

In an in-depth analysis, Cofense said it observed multiple variants of the same phishing campaign, in which the crooks would spoof the Social Security Administration and claim to provide an updated benefits statement. Most of the time, the fake statement would come in the form of a mismatched link (a link that doesn’t lead where it says it will lead). Sometimes, the threat actors would try to hide the link behind a “View Statement” button.

The campaign most likely started in or around mid-September 2024, when it was first observed by Cofense. The second sample came in a month later, after which the frequency gradually increased until mid-November.

“While additional emails were seen in late November, this campaign reached peak volume on November 11th and 12th, a week after Election Day,” Cofense concluded.

ConnectWise Control is a legitimate remote desktop and support tool, but in this scenario, it is used to gain unauthorized access to victims' devices. Cybercriminals exploit the software's legitimate capabilities by deploying it stealthily, often bundling it with malware or phishing schemes. Once installed, the RAT allows threat actors to control systems remotely, steal sensitive data, deploy additional malware, and monitor the victim’s computer activity.

Legitimate software is often used for malicious purposes, since endpoint security and malware removal services often don’t recognize it as a threat.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
