LastPass users targeted by vishing attackers

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password.

“Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live and start serving a phishing site intended to imitate our login page or something similar. Once we identified that this site went active and was being used in a phishing campaign against our customers, we worked with our vendor to take down the site,” LastPass intelligence analyst Mike Kosak explained.

The site has been taken down, but the company expects others to pop up quickly, and is thus warning users to be wary of attackers calling them up and posing as a company representative…