The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. The site has been taken down, but the company expects others to pop up quickly, and is thus warning users to be wary of attackers calling them up and posing as a company representative. CryptoChameleon is a relatively new phishing kit that allows threat actors to create fake login pages that look very much like the real thing, allowing them to steal credentials and occasionally other sensitive data. Users are generally directed to the phishing pages via SMS messages, emails, and phone calls.
Read more: https://www.helpnetsecurity.com/2024/04/19/lastpass-vishing/