Phishing Campaign Targets LastPass Users with Legacy Inheritance Scam

LastPass has issued a warning to its customers about a phishing campaign by a threat group called CryptoChameleon (UNC5356). The attack targets users of cryptocurrency wallets like Binance, Coinbase, Kraken, and Gemini. The phishing emails claim that a family member requested access to the user’s LastPass vault due to a “legacy inheritance process.” However, the link in the email redirects to a fake page where the victim is asked to enter their master password.

The attackers are using passkey-focused phishing domains such as mypasskey[.]info and passkeysetup[.]com. Passkeys are a passwordless authentication standard based on the FIDO2/WebAuthn protocols. The use of these domains indicates that the threat actors aim to steal users’ passkeys. LastPass itself suffered a major data breach in 2022, in which attackers stole encrypted vault backups.
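The relying-party side of WebAuthn is what makes passkeys resistant to look-alike domains: the browser writes the page origin into `clientDataJSON`, and the authenticator hashes the relying-party ID into `authenticatorData`, so an assertion produced on a phishing domain does not verify for the real service. The following is an added example, not code from the article or from LastPass, that performs those binding checks on constructed assertion data; the relying-party ID `lastpass.com` is assumed for illustration, `mypasskey.info` is the phishing domain named above, and signature verification over `authenticatorData || SHA-256(clientDataJSON)` is omitted to keep the focus on the binding checks.

```python
import hashlib
import json

# Assumed relying party for illustration (not taken from the article).
EXPECTED_RP_ID = "lastpass.com"
EXPECTED_ORIGIN = "https://lastpass.com"

# Constructed stand-in for the clientDataJSON a browser produces during
# navigator.credentials.get(); the browser, not the page, fills in "origin".
def build_client_data(origin: str, challenge: str) -> bytes:
    return json.dumps({
        "type": "webauthn.get",
        "challenge": challenge,
        "origin": origin,
        "crossOrigin": False,
    }).encode()

# Constructed stand-in for authenticatorData: rpIdHash (32 bytes) || flags (1 byte)
# || signCount (4 bytes, big-endian). Flag bit 0 = user present, bit 2 = user verified.
def make_authenticator_data(rp_id: str, flags: int = 0x05, sign_count: int = 1) -> bytes:
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_id_hash + bytes([flags]) + sign_count.to_bytes(4, "big")

def verify_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                             expected_rp_id: str, expected_origin: str,
                             expected_challenge: str) -> tuple[bool, str]:
    """Return (ok, reason) for the origin/rpId binding checks of a WebAuthn assertion.

    The signature check over authenticatorData || SHA-256(clientDataJSON) is
    deliberately left out; a real verifier must perform it as well.
    """
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if client_data.get("challenge") != expected_challenge:
        return False, "challenge mismatch (possible replay)"
    if client_data.get("origin") != expected_origin:
        return False, f"origin {client_data.get('origin')!r} is not the relying party"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    if authenticator_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash does not match the relying party ID"
    if not authenticator_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "binding checks passed"

def demo() -> dict:
    challenge = "constructed-challenge-123"  # constructed; real challenges are random
    # Legitimate flow: the user is on the real origin, the authenticator scopes to the real RP ID.
    genuine = verify_assertion_binding(
        build_client_data(EXPECTED_ORIGIN, challenge),
        make_authenticator_data(EXPECTED_RP_ID),
        EXPECTED_RP_ID, EXPECTED_ORIGIN, challenge)
    # Phishing flow: the browser records the look-alike origin and the authenticator
    # scopes the credential to that domain, so the data cannot satisfy the real RP.
    phished = verify_assertion_binding(
        build_client_data("https://mypasskey.info", challenge),
        make_authenticator_data("mypasskey.info"),
        EXPECTED_RP_ID, EXPECTED_ORIGIN, challenge)
    return {"genuine": genuine, "phished": phished}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({reason})")
```

The origin check fails first for the phishing case because the browser, not the attacker's page, writes the `origin` field; even if that field were forged, the `rpIdHash` computed by the authenticator would still not match, which is why campaigns like this one lean on getting the master password rather than on a working passkey assertion.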

To avoid falling victim to this phishing campaign, remember that email is not a trusted channel, and never respond to unsolicited requests for access to your password vault.

Source: https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults