[x] Block CryptoChameleon, a phishing kit targeting cryptocurrency platforms.
Description
CryptoChameleon is an advanced phishing kit that employs innovative tactics to target cryptocurrency platforms and the Federal Communications Commission (FCC) through mobile devices. This kit, reminiscent of tactics used by groups like Scattered Spider, allows attackers to create replicas of single sign-on (SSO) pages. Using email, SMS, and voice phishing techniques, the attackers deceive numerous victims, primarily in the United States, into divulging sensitive information such as usernames, passwords, password reset URLs, and even photo IDs.
Targets:
Employees targeted at:
Federal Communications Commission (FCC)
Binance
Coinbase
Cryptocurrency users targeted at:
Binance
Coinbase
Gemini
Kraken
ShakePay
Caleb & Brown
Trezor
Email/Single sign-on services targeted:
AOL
Gmail
iCloud
Okta
Outlook
Twitter
Yahoo
Tactics and Flow of the Phishing Site:
The phishing kit employs a novel tactic by initiating a captcha using hCaptcha to deter automated analysis tools.
The login page mimics the FCC's legitimate Okta page to deceive victims into providing their credentials.
Upon completion of the captcha, victims are directed to wait, sign in, or request the MFA token.
Additional Insights:
The phishing kit can impersonate various company brands beyond the FCC's Okta page.
The investigation revealed references to cryptocurrency platforms and SSO services within the kit.
This discovery underscores the evolving nature of phishing attacks, particularly targeting mobile devices. The use of sophisticated tactics like captcha challenges and mimicking legitimate pages poses significant risks to individuals and organizations.
Links
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URLs
n/a
Folders
n/a
Sub-Domains
n/a
Domains
IPs
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a