🚨 CryptoChameleon Returns — Using “Fake Death” Phishing to Target LastPass Users
A sophisticated campaign is spoofing LastPass’s inheritance process, claiming a family member uploaded a death certificate to access a user’s vault.
The phishing link leads to lastpassrecovery[.]com, stealing master passwords and passkeys. Attackers even followed up with voice calls pretending to be support staff.
This evolution into passkey-targeting phishing underscores a major shift in credential theft tactics.
💭 Should password managers tighten inheritance verification or rethink passkey syncing entirely?

Follow @technadu for deep, verified threat intelligence and infosec updates.

#InfoSec #CyberSecurity #LastPass #CryptoChameleon #Phishing #Passkeys #ThreatIntel #PasswordManager #DataBreach #DigitalSecurity #SecurityAwareness

A Day in the Life of a Prolific Voice Phishing Crew – Krebs on Security


LastPass users targeted in phishing attacks good enough to trick even the savvy

Password-manager LastPass users were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords.

#LastPass #CryptoChameleon #password #passwords #passwordmanager #phishing #security #cybersecurity #infosec #hackers #hacking #hacked

https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/

LastPass users targeted in phishing attacks good enough to trick even the savvy

Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

Ars Technica

LastPass warns of a CryptoChameleon phishing campaign spoofing LastPass. CryptoChameleon is a Phishing-as-a-Service (PhaaS) that allows threat actors to easily create fake SSO or other login sites drawn from fraudulent branding. LastPass had the phishing site taken down and describes the phishing tactics used in this campaign. 🔗 https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

#CryptoChameleon #PhaaS #phishing #threatintel

Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns - The LastPass Blog