A phishing kit named CryptoChameleon has been targeting cryptocurrency platforms, including employees of Binance and Coinbase, as well as the Federal Communications Commission. According to a Lookout analysis, the victims primarily use Apple iOS and Google Android devices with single sign-on solutions, including Okta, Outlook and Google.
Successful attacks have yielded sensitive data beyond usernames and passwords, including password reset URLs and photo IDs, making the attacks more damaging. The attackers use advanced tactics such as personal outreach: the social engineering includes text messages and voice calls impersonating legitimate support personnel from reputable companies.
Read More: CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit