Master Password Phishing and Account Hijacking by Impersonating LastPass Employees

Attackers have been observed impersonating LastPass staff in a sophisticated phishing campaign whose goal is to steal users' master passwords and take over their accounts.

LastPass described the campaign on its own blog. The disclosure highlights the risk posed by the CryptoChameleon phishing kit.

The cybersecurity company Lookout first identified this activity. The campaign relies on the CryptoChameleon phishing kit, a tool already linked to earlier cryptocurrency thefts.

The kit lets criminals build counterfeit websites that closely resemble real services, complete with authentic-looking graphics and logos.

The primary goal is to trick users into entering their login credentials, which the attackers then use or sell.

The Attackers' Mode of Operation

The attack proceeds in stages. It begins with a phone call to the victim from a number that appears to belong to LastPass. The caller, who speaks with an American accent, claims to be a LastPass employee.

During the call, the supposed employee warns the victim of a security problem with their account. The caller then offers to send an email that will help the victim reset their access.

That email contains a malicious link to a phishing site (help-lastpass[.]com). The site is carefully built to mimic the LastPass interface. Note that the hyphenated name is a separate domain from lastpass.com, not a subdomain of it.

Victims are tricked into entering their master password on this site. Once the attackers have it, they log in to the real LastPass account and change key settings, including the primary phone number, the email address, and the master password itself.

This locks the legitimate user out and gives the attacker complete control of the account.
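The lookalike domain is the technical core of the campaign, so the following added example (written for this article, not LastPass's own tooling) shows how a mail filter or analyst script can triage links from a message like the one described above. It refangs defanged indicators such as help-lastpass[.]com, parses the URL properly instead of doing a substring match, and classifies each link as legitimate, a brand lookalike, or unrelated. The allowlist, brand string and sample email body are assumptions constructed for the example.

```python
"""Triage links from a suspected phishing email against an allowlist.

Added example for this article; not LastPass code. LEGIT_DOMAINS,
BRAND_STRINGS and SAMPLE_EMAIL are assumptions constructed here.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains the real service uses.
LEGIT_DOMAINS = {"lastpass.com"}
# Brand strings whose presence in a non-allowlisted host marks a lookalike.
BRAND_STRINGS = {"lastpass"}

URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s<>\"']+", re.IGNORECASE)


def refang(text: str) -> str:
    """Turn defanged indicator notation ("[.]", "hxxp") back into a URL."""
    return (text.replace("[.]", ".")
                .replace("hxxps://", "https://")
                .replace("hxxp://", "http://"))


def link_host(url: str) -> str:
    """Parsed hostname of a URL, lower-cased, without a trailing dot.

    Using urlsplit().hostname means userinfo tricks such as
    https://lastpass.com@help-lastpass.com/ resolve to the real host.
    """
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # bare host written without a scheme
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def classify_link(url: str) -> str:
    """'legit' for an allowlisted domain or a subdomain of one,
    'lookalike' when the brand appears in any other host
    (the pattern used by help-lastpass[.]com), 'other' otherwise."""
    host = link_host(url)
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit"
    if any(brand in host for brand in BRAND_STRINGS):
        return "lookalike"
    return "other"


def triage(email_body: str) -> list:
    """Extract every link in a message body and classify it."""
    return [(u, classify_link(u)) for u in URL_RE.findall(email_body)]


# Constructed sample message, modelled on the follow-up email in the article.
SAMPLE_EMAIL = """Hello, this is LastPass support following up on our call.
Please reset your access here: hxxps://help-lastpass[.]com/reset
Our help center: https://support.lastpass.com/
"""

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_EMAIL):
        print(f"{verdict:9} {url}")
```

The important design choice is that a plain substring test (`"lastpass.com" in url`) would accept help-lastpass.com, lastpass.com.evil.example and the userinfo form above; comparing the parsed hostname against the allowlist with a dot boundary rejects all three.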

Response and Recommendations

LastPass moved quickly to limit the impact of the campaign. The original phishing site has been taken down, and work continues to counter the threat posed by the phishing kit. The company nevertheless urges customers to remain cautious.

LastPass recommends that customers:

  • Be wary of unsolicited messages, even when they appear to come from a trustworthy source.
  • Verify any request by contacting the company directly through its official channels, not through the contact details supplied in the message.
  • Do not click links or open attachments in unfamiliar or suspicious communications.
  • Enable multi-factor authentication (MFA) to strengthen account security.