Hackers Exploit Social Security Statement Theme to Target Over 2,000 Victims with Malware

June 27, 2025, 7:55 a.m.

Description

A sophisticated phishing campaign has targeted over 2,000 individuals by exploiting the theme of official Social Security statements. Cybercriminals used a convincing phishing lure that mimicked legitimate communication from the Social Security Administration. The attack involved a URL directing victims to a phishing page hosted on Amazon Web Services, which enhanced its perceived legitimacy. Users were tricked into downloading and executing the malware, a .NET application loader that installs ScreenConnect, establishing a silent connection to the attacker's command-and-control server. The malware's behavior includes loading additional files and executing a primary backdoor component. The campaign's impact is significant, with a large percentage of targeted users unknowingly installing the malware.

Date

  • Created: June 26, 2025, 9:09 p.m.
  • Published: June 26, 2025, 9:09 p.m.
  • Modified: June 27, 2025, 7:55 a.m.

Indicators

  • 1c939551452b2137b2bd727f13fab80da192f174d0311d23fc3c1c531cefdc87
  • secure.ratoscbom.com

Attack Patterns

Additional Information

  • Healthcare
  • Finance
  • United States of America