BleepingComputer reports that the threat group CryptoChameleon sends phishing emails to LastPass users requesting access to their password vaults by uploading death certificates. The access is part of the password manager's legacy inheritance process.The group uses fake Gmail, iCloud, Okta, and Outlook sign-in pages to gain access to target victims' cryptocurrency wallets, such as Binance, Coinbase, Kraken, and Gemini. The fraudulent legacy request includes an agent ID number to make it appear more legitimate, which prompt users to respond. Once the link is opened, the account holder receives an email that expires following a set waiting period, and this automatically grants the hacker access.The victims have also reported that hackers sometimes pose as LastPass staff by calling victims and instructing them to input their credentials on the phishing site. According to the company, the CryptoChameleon attack's key element is the use of passkey-focused phishing domains like mypasskey[.]info and passkeysetup[.]com to steal users' passkeys.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds