Cybercriminals are impersonating the US Social Security Administration in an attempt to install a Remote Access Trojan (RAT) malware on people’s devices, experts have warned.
Cybersecurity researchers at Cofense observed a phishing campaign, slowly picking up pace in the days and weeks leading up to the 2024 US presidential elections.
The goal of the campaign was to distribute the ConnectWise RAT - a tainted and malicious use of otherwise legitimate software called ConnectWise Control (formerly ScreenConnect).
ConnectWise RATIn an in-depth analysis, Cofense said it observed multiple variants of the same phishing campaign, in which the crooks would spoof the Social Security Administration and claim to provide an updated benefits statement. Most of the time, the fake statement would come in the form of a mismatched link (a link that doesn’t lead where it says it will lead). Sometimes, the threat actors would try to hide the link behind a “View Statement” button.
The campaign most likely started in or around mid-September 2024, when it was first observed by Cofense. The second sample came in a month later, after which the frequency gradually increased until mid-November.
“While additional emails were seen in late November, this campaign reached peak volume on November 11th and 12th, a week after Election Day,” Cofense concluded.
ConnectWise Control is a legitimate remote desktop and support tool, but in this scenario, it is used to gain unauthorized access to victims' devices. Cybercriminals exploit the software's legitimate capabilities by deploying it stealthily, often bundling it with malware or phishing schemes. Once installed, the RAT allows threat actors to control systems remotely, steal sensitive data, deploy additional malware, and monitor the victim’s computer activity.
Legitimate software is often used for malicious purposes, since endpoint security and malware removal services often don’t recognize them as a threat.
You might also likeThe US state of Washington is taking legal action against telecommunications giant T-Mobile over consumer protections failures following a 2021 data breach which exposed up to 79 million consumers worldwide, including the social security numbers of almost 184,000 customers in the state.
As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft.
The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its cybersecurity systems, and failed to properly address them. A lack of security monitoring meant T-Mobile was unaware of the breach.
T-Mobile customers misleadThe suit alleges T-Mobile deliberately downplayed the severity of the breach to affected consumers, and omitted critical information, which in turn affected customer’s ability to ‘adequately assess their risk of identity theft or fraud’.
The firm sent out texts to affected customers, but failed to include legally required information. Customers who didn’t have their card details or social security numbers compromised were informed of such, but those who did, weren’t given any information about the exposure.
According to the suit, T-Mobile used ‘weak credentials’ and an ‘easily guessable username and password’, and the exposed data appeared for sale on the dark web almost immediately after it was stolen.
T-Mobile has recently agreed to pay an over $15 million penalty to the FCC as part of a settlement deal following a string of high-profile data breaches between 2021 and 2023. The company was also ordered to make significant changes to its cybersecurity infrastructure, and adopt more robust identity and access management frameworks.
You might also likeAfter a couple of years of development, the world's first rollable display laptop, the Lenovo ThinkBook Plus Gen 6 Rollable, was finally unveiled at CES 2025 this week.
The laptop, which can transition from a 14-inch landscape display to a 16.7-inch vertical display with a single button press, was first shown off two years ago as a concept device, but has now made the transition to production for 2025.
Powered by the Intel Core Ultra 200V series (up to a Core Ultra 7), the laptop will also feature up to 32GB of LPDDR5x memory and up to 1TB PCIe 4.0 SSD storage. As a Lunar Lake-powered laptop, it'll also feature Intel Xe2 graphics, making it a good, lightweight choice for graphic designers who do a lot of work on portrait documents.
Throw in Wi-Fi 7 and Bluetooth 5.4 connectivity, 2x2W Harman/Kardon speakers, and a dual mic array with 5MP IR webcam, and you have more than a niche laptop with a cool gimmick, but a powerful mobile workstation machine for professional users.
That said, the rollable display aspect of the laptop is the show stealer here, and anyone who values a vertical display, like software engineers or business users who work with a lot of documents, are going to be hard-pressed to find another laptop like the ThinkBook Plus Gen 6 Rollable.
More than a cool form factor, the ThinkBook Plus Gen 6 Rollable is genuinely functional in a way other laptops can't be (Image credit: Future / John Loeffler)The clamshell laptop form factor is one of those designs that I'd considered a 'solved problem'. If you want a portable computer, this is the best way to design it, with a display that folds down onto the keyboard.
And since the keyboard layout is also a solved problem, laptops are mostly stuck with a landscape orientation, with older 4:3 ratio displays being the tallest they've been able to practically be.
For anyone who needs or wants a vertical orientation for their laptop, you've been out of luck and been forced to rely on portable monitors, which isn't an ideal solution for portability.
With the ThinkBook Plus Gen 6 Rollable though, you really do have an innovation that addresses this specific need, making it much more functional than a lot of other concept-to-production designs I've seen in laptops over the years (foldable display laptops being a perfect example).
And while dual-screen laptops exist, they're somewhat hampered by the extra peripherals required to make them work, like a wireless keyboard and folding stand to hold them upright. With the ThinkBook Plus Gen 6 Rollable though, you have everything in one complete unit, meaning you won't have to worry about misplacing anything that you'll need to make everything work.
Of course, one thing that the new laptop introduces that we haven't needed to worry about since we got rid of spinning-disk HDD laptops is the introduction of moving mechanical parts, which can wear out over time.
A rollable display laptop isn't great if the motor that rolls out the display breaks and now you can't roll it up (or down, if you're really unlucky), but by the time that happens, it might be time to upgrade the laptop anyway, and you just might have a whole lot more rollable display laptops on the market to choose from.
You might also like...