Beware, that Social Security email could be hiding dangerous malware

Security researchers from Cofense spot multiple phishing emails impersonating the US Social Security Administration
The goal was to deploy the ConnectWise Remote Access Trojan
The email frequency increased in the days leading up to the 2024 US presidential elections

Cybercriminals are impersonating the US Social Security Administration in an attempt to install a Remote Access Trojan (RAT) malware on people’s devices, experts have warned.

Cybersecurity researchers at Cofense observed a phishing campaign, slowly picking up pace in the days and weeks leading up to the 2024 US presidential elections.

The goal of the campaign was to distribute the ConnectWise RAT – a tainted and malicious use of otherwise legitimate software called ConnectWise Control (formerly ScreenConnect).

ConnectWise RAT

In an in-depth analysis, Cofense said it observed multiple variants of the same phishing campaign, in which the crooks would spoof the Social Security Administration and claim to provide an updated benefits statement. Most of the time, the fake statement would come in the form of a mismatched link (a link that doesn’t lead where it says it will lead). Sometimes, the threat actors would try to hide the link behind a “View Statement” button.

The campaign most likely started in or around mid-September 2024, when it was first observed by Cofense. The second sample came in a month later, after which the frequency gradually increased until mid-November.

“While additional emails were seen in late November, this campaign reached peak volume on November 11th and 12th, a week after Election Day,” Cofense concluded.

ConnectWise Control is a legitimate remote desktop and support tool, but in this scenario, it is used to gain unauthorized access to victims’ devices. Cybercriminals exploit the software’s legitimate capabilities by deploying it stealthily, often bundling it with malware or phishing schemes. Once installed, the RAT allows threat actors to control systems remotely, steal sensitive data, deploy additional malware, and monitor the victim’s computer activity.

Legitimate software is often used for malicious purposes, since endpoint security and malware removal services often don’t recognize them as a threat.

https://cdn.mos.cms.futurecdn.net/ThNyuwnA55tfcixfqWcEcA-1200-80.jpg

Source link

3 of the biggest new Netflix shows arriving in April 2026

3 of the biggest new Netflix shows arriving in April 2026

HP EliteBook 6 G2q promises endless 5G data and AI power, but hides significant limitations

Why hands-on digital skills will define the value of AI

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

HARDY, Zach Top & More

10 Must-Watch Spring 2026 Anime to Add to Your Watchlist List

4 Greatest Movies Based on Bible Stories

Dell Has the Best 32″ 4K OLED Gaming Monitor Deal With This $300 Discount

Cardlytics’ chief legal officer sells $39893 in stock

Travere therapeutics CEO Dube sells $1.8m in TVTX stock

Southland Holdings subsidiary settles litigation over Seattle convention project

Elong Power Holding transfers listing to Nasdaq Capital Market, regains compliance

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Beware, that Social Security email could be hiding dangerous malware

Cardlytics’ chief legal officer sells $39893 in stock

HARDY, Zach Top & More

Travere therapeutics CEO Dube sells $1.8m in TVTX stock

10 Must-Watch Spring 2026 Anime to Add to Your Watchlist List