![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![[Update] A renewed Pixel Watch 2 is a steal at under $80 on Amazon](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/10/Pixel-Watch-2-in-pocket-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
![Honor 400 series officially launching on May 22 as design is revealed [Video]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/05/honor-400-series-announcement-1.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Beats Studio Pro Wireless Headphones Now Just $169.95 - Save 51%! [Deal]](https://www.iclarified.com/images/news/97258/97258/97258-640.jpg)
Beware of Fake Social Security Statement That Tricks Users to Install Malware
A sophisticated phishing campaign targeting Americans is currently making rounds via fake Social Security Administration (SSA) emails. These convincingly crafted messages inform recipients that their Social Security Statement is available for download, encouraging them to click on an attached file. The seemingly legitimate communication bears official SSA branding and formatting that makes it difficult for […] The post Beware of Fake Social Security Statement That Tricks Users to Install Malware appeared first on Cyber Security News.
A sophisticated phishing campaign targeting Americans is currently making rounds via fake Social Security Administration (SSA) emails.
These convincingly crafted messages inform recipients that their Social Security Statement is available for download, encouraging them to click on an attached file.
.webp)
The seemingly legitimate communication bears official SSA branding and formatting that makes it difficult for average users to identify as fraudulent.
When users follow the instructions, they unwittingly download an executable file disguised with names like “ReceiptApirl2025Pdfc.exe” or “SSAstatment11April.exe.”
Despite these innocuous-sounding names, the files actually contain a legitimate remote access tool called ScreenConnect that gives attackers complete control over victims’ systems.
Malwarebytes researchers identified a threat actor group dubbed “Molatori” behind this campaign, named after the domains they utilize to host the malicious ScreenConnect clients.
The group appears primarily motivated by financial fraud, accessing banking details and personal identification information once they gain system access.
The attack leverages several technical advantages that make detection challenging.
The cybercriminals distribute their phishing emails from compromised WordPress sites, ensuring the sender domains appear legitimate.
Additionally, they embed email content as images to prevent effective scanning by email security filters.
Once installed, ScreenConnect-a legitimate remote administration tool-provides attackers with comprehensive system access.
The tool’s legitimate status complicates detection by security solutions, while giving attackers capabilities to run scripts, execute commands, transfer files, and install additional malware without user awareness.
The infection mechanism is particularly insidious as it exploits trust in government institutions.
After installation, the ScreenConnect client establishes a connection to command domains including atmolatori.icu, gomolatori.cyou, and several similar variations.
Malwarebytes detects these suspicious instances as RiskWare.ConnectWise.CST and blocks connections to associated domains.
Security experts recommend verifying email sources through independent channels, avoiding clicking on unexpected links, and maintaining updated anti-malware protection to prevent falling victim to this and similar campaigns.
The post Beware of Fake Social Security Statement That Tricks Users to Install Malware appeared first on Cyber Security News.
