1. Forum
  2. FidoNET
  3. POLITICS

  • Beware, that Social Secur

    From Mike Powell@1:2320/105 to All on Wednesday, January 08, 2025 10:28:00
    Beware, that Social Security email could be hiding dangerous malware

    Date:
    Tue, 07 Jan 2025 21:29:00 +0000

    Description:
    Researchers spot Social Security-themed campaign timed alongside the US presidential elections.

    FULL STORY ======================================================================

    Security researchers from Cofense spot multiple phishing emails impersonating the US Social Security Administration. The goal was to deploy the ConnectWise Remote Access Trojan. The email frequency increased in the days leading up
    to the 2024 US presidential elections.

    Cybercriminals are impersonating the US Social Security Administration in an attempt to install a Remote Access Trojan (RAT) malware on peoples devices, experts have warned.

    Cybersecurity researchers at Cofense observed a phishing campaign, slowly picking up pace in the days and weeks leading up to the 2024 US presidential elections.

    The goal of the campaign was to distribute the ConnectWise RAT - a tainted
    and malicious use of otherwise legitimate software called ConnectWise Control (formerly ScreenConnect).

    ConnectWise RAT

    In an in-depth analysis , Cofense said it observed multiple variants of the same phishing campaign, in which the crooks would spoof the Social Security Administration and claim to provide an updated benefits statement. Most of
    the time, the fake statement would come in the form of a mismatched link (a link that doesnt lead where it says it will lead). Sometimes, the threat
    actors would try to hide the link behind a View Statement button.

    The campaign most likely started in or around mid-September 2024, when it was first observed by Cofense. The second sample came in a month later, after
    which the frequency gradually increased until mid-November.

    While additional emails were seen in late November, this campaign reached
    peak volume on November 11th and 12th, a week after Election Day, Cofense concluded.

    ConnectWise Control is a legitimate remote desktop and support tool, but in this scenario, it is used to gain unauthorized access to victims' devices. Cybercriminals exploit the software's legitimate capabilities by deploying it stealthily, often bundling it with malware or phishing schemes. Once
    installed, the RAT allows threat actors to control systems remotely, steal sensitive data, deploy additional malware, and monitor the victims computer activity.

    Legitimate software is often used for malicious purposes, since endpoint security and malware removal services often dont recognize them as a threat.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/beware-that-social-security-email-could -be-hiding-dangerous-malware

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)