Home > Security > Security News

Email Scam with Social Security Lure Ultimately Installs ScreenConnect RAT, Steals Banking Details

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer
Phishing emails masquerading as official SSA notifications to deploy RAT.

A sophisticated phishing campaign impersonating the U.S. Social Security Administration (SSA) tricks unsuspecting individuals into installing a dangerous remote access tool (RAT), ScreenConnect. 

This campaign, identified by the group name "Molatori," exploits victims' trust in government communication to gain complete control over their devices, according to a recent report from Malwarebytes.

The scam begins with phishing emails masquerading as official SSA notifications. These emails claim that the recipient’s Social Security statement is ready for download and provide a link to access this document. 

Scam email impersonating the US SSA | Source: Malwarebytes

The email is particularly convincing, often embedding content as images and using legitimate-looking compromised WordPress domains to bypass email filters. 

When recipients click on the provided link, they unknowingly download the ScreenConnect client under deceptive filenames, such as ReceiptApirl2025Pdfc.exe or SSAstatment11April.exe. Once installed, the client allows attackers to fully access the victim’s computer. 

After obtaining remote access, attackers instantly initiate malicious activities, including the theft of sensitive data like banking information, personal identification numbers, and confidential files. 

Malwarebytes researchers note that financial fraud is the primary objective of these scams. The stolen data is subsequently used for furthering identity theft, fraudulent monetary transactions, or unauthorized purchases.

In other news, scammers are creating fraudulent online profiles impersonating IC3 officials, targeting financial fraud victims with promises of lost funds recovery.

Add a Comment
Related
Mariner Wealth Advisor Suffered a Cyber Attack in December 2024 Exposing its Data
Mass Scanning by Proton66, Connection with Prospero, Chang Way Technologies, Bulletproof Services, and Blocked IPs
Alleged Scattered Spider Member Pleads Guilty to Cybercrimes, Ordered to Repay $13.2M
Ransomware
Akira Ransomware Group Claims Cyberattack on Spain’s STE Group and Exfiltrating 30GB of Data
Romance Baiting Scams
US DOJ Seizes Over $8 Million in Cryptocurrency Tied to 'Romance Baiting' Scams
Data Breach
Threat Actor Claims to Breach Endesa, Allegedly Compromising Millions of Customer Records
Most Popular
The Smashing Machine
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
Now You See Me: Now You Don’t
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
NCIS: Origins
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more

Most Popular
The Smashing Machine
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
Now You See Me: Now You Don’t
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
NCIS: Origins
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more
Dwayne Johnson’s The Smashing Machine: All About the film based on MMA Fighter Mark Kerr
What you Should know About the Now You See Me: Now You Don’t (2025) film
Outlaw Botnet Targets Linux Systems, Exploiting Weak or Default SSH Credentials
Novel Grinex Platform Allegedly Linked to Sanctioned Garantex Crypto Exchange
Perplexity AI’s New Browser Collects User Data for Advertising Purposes, Raises Privacy Concerns
What you Should know About NCIS: Origins Season 2 - Release Window, Gibbs' Story, and more

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: