CryptoChameleon’s Phishy Feud: LastPass Users Under Siege Again!
Beware! LastPass users are being targeted by a phishing campaign involving fake access requests linked to a mythical inheritance process. The culprits, CryptoChameleon, are out for your cryptocurrency stash, using passkey-focused phishing domains. Remember, if you’re not dead, don’t log into fake vaults!
Hot Take:
LastPass users, it’s time to put on your detective hats because CryptoChameleon is back and they’re not just fishing; they’re phishing for your cryptocurrency! It’s like a bad episode of a crime show, but instead of finding out who the killer is, you’re trying to keep your digital vault safe. If receiving emails about your own untimely demise doesn’t give you a case of the heebie-jeebies, I don’t know what will!
Key Points:
- CryptoChameleon targets LastPass users with phishing emails about legacy access requests.
- The emails claim a family member requested vault access using a death certificate.
- The campaign uses domains like lastpassrecovery[.]com to steal credentials.
- Phishing kit targets cryptocurrency wallets and uses fake sign-in pages for popular services.
- Passkeys are now a focus for attackers, utilizing fake domains for credential theft.
Already a member? Log in here