<
p style=”text-align: justify;”>Hackers have launched a sophisticated phishing campaign impersonating the United States Social Security Administration (SSA) to deliver the ConnectWise Remote Access Tool (RAT), according to a report by Cofense Intelligence. This operation, active since September 2024 and intensifying by November, employs advanced evasion techniques to compromise devices and extract sensitive information.
The phishing emails mimic official SSA communications, promising updated benefits statements to lure victims. Embedded links, disguised as legitimate SSA web pages, lead to the installation of the ConnectWise RAT, granting attackers control over compromised systems. The campaign incorporates enhanced email spoofing and credential phishing strategies, leveraging SSA logos and branding to heighten credibility.
One unique technique involves one-time use payloads. Victims who access the malicious link are directed to the RAT installer, while subsequent visits redirect to legitimate SSA pages. This method utilizes browser cookies to bypass automated defenses and security research tools.
Exploitation and Goals
After installing the malware, attackers exploit victims further by redirecting them to phishing pages designed to capture sensitive personal and financial data, including:
- Social Security Numbers
- Credit card details
- Mother’s maiden name
- Phone carrier PINs
The fo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.