Cyber Blitz: FROZEN#SHADOW Campaign Unleashes SSLoad Malware Across Continents
April 24, 2024
Cybersecurity researchers have identified a malicious campaign, FROZEN#SHADOW, that uses phishing to spread SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect.
The campaign predominantly targets entities across Asia, Europe, and the Americas and initiates attacks through phishing emails containing JavaScript files.
SSLoad facilitates backdoor access and deploys payloads to maintain control and stealth within compromised systems.
Distribution of SSLoad occurs via website contact forms and macro-enabled Word documents, with the malware also delivering a new strain known as Latrodectus.
Once inside a system, attackers gain full access, collect credentials and system details, and expand their control to other networked systems, including by creating domain administrator accounts.
AhnLab Security Intelligence Center's discovery of Pupy RAT affecting Linux systems underscores the broader malware threat landscape and the need for robust endpoint security.
Summary based on 1 source
Source

The Hacker News • Apr 24, 2024
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike