Social Security Phish Hack Hits 2,000+ Devices

More than 2,000 devices were infected in a widespread Social Security Phish Hack campaign that used spoofed government-themed emails to distribute malware, according to a recent analysis by CyberArmor. Attackers crafted convincing phishing messages that redirected victims to fraudulent Social Security Administration (SSA) websites hosted on Amazon Web Services. These sites encouraged users to “Access The Statement,” leading them to download a malicious file disguised as a legitimate SSA document.

The malware, named “US_SocialStatmet_ID544124.exe,” operated as a .NET loader that initiated a multi-stage infection process. This Social Security Phish Hack campaign leveraged real tools like ScreenConnect to maintain remote access. Once downloaded, the malware deployed embedded files, contacted a command-and-control server, and initiated unauthorized sessions using encoded credentials. Analysts emphasized the attack’s sophistication and its use of trusted names like SSA and Amazon to bypass security measures.

For a detailed breakdown of the malware and threat indicators, read the full report at:

2,000+ Devices Hacked Using Weaponized Social Security Statement Themes