Hackread reports that fraudulent U.S. Social Security Administration emails have been leveraged to facilitate the distribution of the ScreenConnect remote access trojan as part of a new attack campaign.
Malicious emails purporting to be from the SSA told recipients that their Social Security Statements were available and included attachments and links that led to the installation of the ScreenConnect remote access tool, which threat actors then use to view files, execute programs, and exfiltrate sensitive data, according to a Malwarebytes analysis. The findings follow a Cofense report detailing earlier SSA-spoofing phishing campaigns that spread the ConnectWise RAT and escalated in the weeks before last year's U.S. presidential elections. "While the exact structure of the email changes from sample to sample, the campaign consistently delivers an embedded link to a ConnectWise RAT installer," said Cofense researchers. ConnectWise RAT was also observed being distributed in phishing schemes that involved bogus LinkedIn emails.




