- There is a new crypto phishing kit on the internet.
- The phishing kit mimics tactics employed by a famous cybercriminal group.
- It has so far impacted hundreds of victims.
Data-centric cloud security company Lookout announced on Thursday the discovery of an “advanced phishing kit” exhibiting tactics that target cryptocurrency exchanges.
Dubbed CryptoChameleon, the phishing kit can also be used against the Federal Communications Commission (FCC) via mobile devices. The intended targets include mostly crypto traders, single sign-on (SSO) services in the U.S., Binance staff, and Coinbase employees.
The Mechanics of CryptoChameleon Phishing Kit
According to a February 29 press release by Lookout, the CryptoChameleon phishing kit mimics techniques previously employed by the Scattered Spider cybercriminal group, including a unique approach to collecting login credentials.
By leveraging the phishing kit, cybercriminals can approach victims via text messages and voice calls to build trust while luring them into the attack. If successful, the attack can result in the theft of sensitive data, including usernames, passwords, password reset URLs, and photo IDs.
“Unlike typical phishing kits, which attempt to harvest credentials as quickly as possible, CryptoChameleon is aware of modern security controls organizations have put in place such as multi-factor authentication and allows bad actors to respond accordingly,” the statement read.
According to anecdotal accounts of the people who have fallen victim to the phishing kit, CryptoChameleon can replicate a real company’s support team by leveraging phone numbers and websites that “appear to be legitimate.”
Following this discovery, the Vice President of Endpoint and Threat Intelligence at Lookout, David Richardson, urged crypto exchanges to be on the lookout.
“We’re seeing a trend of financially motivated threat actors, who typically target cryptocurrency and direct financial fraud, move into breaching enterprise and government organizations for ransom. We urge cryptocurrency and single-sign-on users and organizations to take steps to protect their devices, work, and personal data,” Richardson stated.
Per the statement, Lookout researchers have identified over 250 phishing sites using CryptoChameleon, with “more being found every day.” As for the number of victims the phishing kit has already impacted, Lookout said it runs into “hundreds.”