Fake SSA Emails Drive Venomous#Helper Phishing Campaign

A phishing campaign known as Venomous#Helper has compromised over 80 organizations, primarily in the United States, by leveraging legitimate remote monitoring and management (RMM) tools to establish persistent backdoor access. The operation uses Social Security Administration-themed emails to lure victims into downloading signed malware, which installs dual remote access channels via SimpleHelp and ConnectWise ScreenConnect for redundancy and stealth. The malware maintains persistence through system services, registry modifications, and automated monitoring behaviors while employing evasion techniques such as disguised system utilities to bypass detection. The campaign highlights the growing abuse of trusted software in phishing attacks, emphasizing the need for behavioral monitoring and stricter control over authorized tools.
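One way to apply the "stricter control over authorized tools" point is to check a service inventory against an RMM allowlist and flag hosts that carry both products named above. This is an added example, not code from the article or its source; the inventory records, host names, paths and the allowlist are constructed assumptions, and only the two product names come from the text.

```python
# Added example: flag hosts running RMM tools outside an approved list.
# Product keywords come from the article; everything else is constructed.
RMM_KEYWORDS = {
    "simplehelp": "SimpleHelp",
    "screenconnect": "ConnectWise ScreenConnect",
}

# Assumption: the organisation approves one RMM product, on one host only.
APPROVED = {"ConnectWise ScreenConnect": {"HELPDESK-01"}}

# Constructed sample inventory: (host, service display name, binary path).
INVENTORY = [
    ("HELPDESK-01", "ScreenConnect Client", r"C:\Program Files (x86)\ScreenConnect Client\client.exe"),
    ("FIN-WS-07", "Remote Access Service", r"C:\ProgramData\SimpleHelp\agent.exe"),
    ("FIN-WS-07", "ScreenConnect Client", r"C:\Users\Public\ScreenConnect\client.exe"),
    ("HR-WS-02", "Print Spooler", r"C:\Windows\System32\spoolsv.exe"),
]


def rmm_products(name, path):
    """Return the RMM products whose keyword appears in the service name or path."""
    text = f"{name} {path}".lower()
    return {product for key, product in RMM_KEYWORDS.items() if key in text}


def review(inventory, approved):
    """Map each host to its unapproved RMM products and a dual-channel flag."""
    seen = {}
    for host, name, path in inventory:
        for product in rmm_products(name, path):
            seen.setdefault(host, set()).add(product)
    findings = {}
    for host, products in seen.items():
        unapproved = sorted(p for p in products if host not in approved.get(p, set()))
        if unapproved:
            # Two RMM products on one host matches the redundancy pattern described above.
            findings[host] = {"unapproved": unapproved, "dual_rmm": len(products) > 1}
    return findings


if __name__ == "__main__":
    for host, finding in sorted(review(INVENTORY, APPROVED).items()):
        print(host, finding)
```

Matching on the binary path as well as the display name catches the second constructed record, where the service name alone gives no hint of the product.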

Reference: infosecurity-magazine.com