Attacks with CryptoChameleon phishing kit target LastPass users

19 April 2024

BleepingComputer reports that widely used password management service LastPass is having its customers subjected to a new attack campaign involving the sophisticated CryptoChameleon phishing kit aimed at exfiltrating cryptocurrency assets. Several social engineering tactics have been leveraged in the campaign, with attackers initially using an 888 number to contact targets regarding unauthorized LastPass account access before making another call impersonating a LastPass employee, who would send a phishing email with a link redirecting to a fraudulent website seeking the targets’ master passwords, according to LastPass, which urged its users to be vigilant of suspicious phone calls, SMS messages, and emails amid fears of persistent targeting even after the shut down of the malicious site.

Source: SC Magazine

Date:

19 April 2024

Categorie(s):

NEWS

Tag(s):

Attacks, Data Security, IT, LastPass, News

Microsoft, Google widen passkey support for its users3 May 2024
Cyble Vision X covers the entire breach lifecycle3 May 2024
Leveraging Big Data for Enhanced Cybersecurity Solutions3 May 2024
BlackBerry CylanceMDR improves cybersecurity defensive strategy3 May 2024
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data3 May 2024