
Cybercriminals pose as LastPass staff to hack password vaults
2024-04-18 14:56

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft.

According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted the cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. During its investigation, LastPass discovered that its service had recently been added to the CryptoChameleon kit, with a phishing site hosted at the "help-lastpass[.]com" domain.
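Lookalike domains such as the one above are the most reliable indicator of this campaign a defender can hunt for. The following Python script is an added example, not code from the article, LastPass or Lookout: it scans DNS query logs for hosts that mention the brand string but are not under the legitimate apex domain, also catching digit-for-letter swaps such as "lastpa55" and apex names smuggled into a subdomain. The log format and the list of legitimate apex domains (only lastpass.com here) are assumptions for the example; adjust both for your environment.

```python
"""Flag DNS queries for domains that impersonate a brand (here LastPass).

A lookalike is any queried host that contains the brand string (after
undoing common digit-for-letter substitutions) but is not the legitimate
apex domain or a subdomain of it.
"""
import re

# Legitimate apex domains per brand. Assumption for this example: only
# lastpass.com is treated as legitimate; extend for your own allow-list.
LEGIT_APEX = {"lastpass": ("lastpass.com",)}

# Digit-for-letter swaps phishers commonly use (e.g. lastpa55.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Assumed log format: "... query=<host> type=<rrtype>" (constructed for this example).
QUERY_RE = re.compile(r"query=(?P<host>[^\s]+)")


def clean(host: str) -> str:
    """Lower-case, refang 'example[.]com', and strip a trailing dot."""
    return host.lower().replace("[.]", ".").rstrip(".")


def normalize(host: str) -> str:
    """clean() plus undoing digit-for-letter homoglyphs, for brand matching only."""
    return clean(host).translate(HOMOGLYPHS)


def is_lookalike(host: str, brand: str = "lastpass") -> bool:
    """True if host mentions the brand but is not under a legitimate apex."""
    raw = clean(host)
    if brand not in normalize(host):
        return False
    for apex in LEGIT_APEX[brand]:
        # Compare the un-normalized name: lastpa55.com must NOT pass as lastpass.com.
        if raw == apex or raw.endswith("." + apex):
            return False
    return True


def scan_dns_log(lines, brand: str = "lastpass"):
    """Return (line_no, host) pairs whose queried host looks like the brand."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = QUERY_RE.search(line)
        if not m:
            continue
        host = m.group("host")
        if is_lookalike(host, brand):
            hits.append((n, clean(host)))
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-04-18T14:56:01Z client=10.0.0.5 query=help-lastpass.com type=A",
    "2024-04-18T14:56:02Z client=10.0.0.5 query=lastpass.com type=A",
    "2024-04-18T14:56:03Z client=10.0.0.7 query=accounts.lastpass.com type=A",
    "2024-04-18T14:56:04Z client=10.0.0.9 query=lastpass.com.support-desk.example type=A",
    "2024-04-18T14:56:05Z client=10.0.0.9 query=lastpa55-help.net type=A",
    "2024-04-18T14:56:06Z client=10.0.0.3 query=www.example.org type=AAAA",
]

if __name__ == "__main__":
    for n, host in scan_dns_log(SAMPLE_LOG):
        print(f"line {n}: possible LastPass lookalike domain {host}")
```

Note that the homoglyph map is applied only when deciding whether the brand is mentioned, never when comparing against the allow-list, so a substituted name can never be mistaken for the real apex. Expect some noise from legitimate third parties whose names embed the brand (integration partners, review sites); treat hits as leads for the allow-list rather than as verdicts.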

The attackers combine several social engineering techniques, contacting the potential victim while posing as a LastPass employee who is helping to secure the account after a supposed unauthorized access.

Victims receive a call from an 888 number claiming unauthorized access to their LastPass account and are prompted to allow or block the access by pressing "1" or "2".

Users of the popular password management service should be wary of any suspicious phone call, message, or email that claims to come from LastPass and urges immediate action.



News URL

https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/