Hacker Exploit Social Security Statement Theme to Target Over 2,000 Victims with Malware
Essential information
- Published
- 26/06/2025 21:09
- Modified
- 27/06/2025 07:55
- Tags
- .net-loader 2025-06-26 amazon-aws backdoor phishing remote access screenconnect social-security
- Related entities
- 2 observables, 8 techniques (mitre), 3 others
Description
A sophisticated phishing campaign has targeted over 2,000 individuals by exploiting the theme of official Social Security statements. Cybercriminals used a convincing phishing lure, mimicking legitimate communication from the Social Security Administration. The attack involved a URL directing victims to a phishing page hosted on Amazon Web Services, enhancing its perceived legitimacy. Users were tricked into downloading and executing malware, which is a .NET application loader that installs ScreenConnect, establishing a silent connection to the attacker's command-and-control server. The malware's behavior includes loading additional files and executing a primary backdoor component. The campaign's impact is significant, with a large percentage of targeted users unknowingly installing the malware.