A new phishing campaign linked to CryptoChameleon is targeting LastPass users, cryptocurrency exchange users, and passkey users. The attackers are trying to steal master passwords and cryptocurrency holdings by sending spoofed emails that appear to be from [email protected]. The emails claim a family member has submitted a death certificate to access the user’s account and urge them to cancel a request by clicking a malicious link.
Victims who follow the link are taken to a fake recovery site where they’re prompted to enter their LastPass master password. To make it seem more legitimate, the email includes fabricated case information and advises users to confirm the sender’s email address. In some cases, attackers are calling victims directly, posing as LastPass representatives.
This is not an isolated incident. The CryptoChameleon group has been linked to several phishing campaigns targeting cryptocurrency users in the past. They’re known for using elaborate phishing infrastructure and bulletproof hosting services to evade detection.
Source: https://cyberinsider.com/lastpass-warns-about-cryptochameleon-campaign-targeting-master-passwords