LastPass users targeted by vishing attackers
2024-04-19 09:51

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password.

"Initially, we learned of a new parked domain and immediately marked the website for monitoring should it go live and start serving a phishing site intended to imitate our login page or something similar. Once we identified that this site went active and was being used in a phishing campaign against our customers, we worked with our vendor to take down the site," LastPass intelligence analyst Mike Kosak explained.

The site has been taken down, but the company expects others to pop up quickly, and is thus warning users to be wary of attackers calling them up and posing as a company representative.

"If the recipient inputs their master password into the phishing site, the threat actor attempts to log in to the LastPass account and change settings within the account to lock out the authentic user and take control of the account. These changes may include changing the primary phone number and email address as well as the master password itself," Kosak concluded.

Users are generally directed to the phishing pages via SMS messages, emails, and phone calls.

"We have worked hard to disrupt this phishing campaign and have had the initial phishing site taken down. However, as the initial phishing kit itself continues to offer LastPass branding, we are sharing this information so that our customers can be aware of these tactics and take the appropriate response should they receive a suspicious call, text, or email," Kosak noted.


News URL

https://www.helpnetsecurity.com/2024/04/19/lastpass-vishing/