Block `CryptoChameleon` a phishing kit targeting cryptocurrency platforms

Enhancement idea

[x] Block CryptoChameleon a phishing kit targeting cryptocurrency platforms.

Description

An advanced phishing kit known as CryptoChameleon that employs innovative tactics to target cryptocurrency platforms and the Federal Communications Commission (FCC) through mobile devices. This kit, reminiscent of tactics used by groups like Scattered Spider, allows attackers to create replicas of single sign-on (SSO) pages. By utilizing email, SMS, and voice phishing techniques, the attackers deceive victims into divulging sensitive information such as usernames, passwords, password reset URLs, and even photo IDs from numerous victims primarily in the United States.

Targets:

Employees targeted at:
- Federal Communications Commission (FCC)
- Binance
- Coinbase
Cryptocurrency users targeted at:
- Binance
- Coinbase
- Gemini
- Kraken
- ShakePay
- Caleb & Brown
- Trezor
Email/Single sign-on services targeted:
- AOL
- Gmail
- iCloud
- Okta
- Outlook
- Twitter
- Yahoo

Tactics and Flow of the Phishing Site:

The phishing kit employs a novel tactic by initiating a captcha using hCaptcha to deter automated analysis tools.
The login page mimics the FCC's legitimate Okta page to deceive victims into providing their credentials.
Upon completion of the captcha, victims are directed to wait, sign in, or request the MFA token.

Additional Insights:

The phishing kit can impersonate various company brands beyond the FCC's Okta page.
The investigation revealed references to cryptocurrency platforms and SSO services within the kit.

This discovery underscores the evolving nature of phishing attacks, particularly targeting mobile devices. The use of sophisticated tactics like captcha challenges and mimicking legitimate pages poses significant risks to individuals and organizations.

Links

https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URL's

n/a

Folders

n/a

Sub-Domains

n/a

Domains

07159889-coinbase.com
10195-coinbase.com
11246-coinbase.com
11247-coinbase.com
11248-coinbase.com
11258-coinbase.com
11259-coinbase.com
113912-coinbase.com
11472-coinbase.com
11923-coinbase.com
11957-coinbase.com
128147-coinbase.com
12958-coinbase.com
12984-okta.com
12985-coinbase.com
13130-coinbase.com
13247-coinbase.com
13247-icloud.com
13267-coinbase.com
146271510-coinbase.com
146282-coinbase.com
146284-coinbase.com
147260-coinbase.com
14765-coinbase.com
14817582-coinbase.com
14871904-coinbase.com
14891902-coinbase.com
1492864-coinbase.com
158312-coinbase.com
158372-coinbase.com
158702-coinbase.com
16171675-coinbase.com
16171832-coinbase.com
16178234-coinbase.com
16178237-coinbase.com
16178434-coinbase.com
162178-coinbase.com
162478-coinbase.com
162782-coinbase.com
162812-coinbase.com
162814-coinbase.com
16442580-coinbase.com
16450107-coinbase.com
16450207-coinbase.com
16458207-coinbase.com
16478202-coinbase.com
164872942-coinbase.com
16590-coinbase.com
16594373-coinbase.com
16624831-coinbase.com
16642124-coinbase.com
16642172-coinbase.com
16642580-coinbase.com
16642721-coinbase.com
16642724-coinbase.com
16642871-coinbase.com
16642872-coinbase.com
16712942-coinbase.com
16718672-coinbase.com
16728342-coinbase.com
16728348-coinbase.com
16728442-coinbase.com
16728472-coinbase.com
167285-coinbase.com
16729042-coinbase.com
16748272-coinbase.com
16782942-coinbase.com
16827420-coinbase.com
16827423-coinbase.com
16847145-coinbase.com
16893924-coinbase.com
17182-coinbase.com
172486-coinbase.com
17255030-coinbase.com
17259-kraken.com
17284652-coinbase.com
17286-coinbase.com
17334522-coinbase.com
17334522-kraken.com
17384522-coinbase.com
173912-coinbase.com
17494976-coinbase.com
17512854-coinbase.com
17512857-coinbase.com
1751954-coinbase.com
17525030-coinbase.com
17529580-coinbase.com
17614-coinbase.com
17618412-coinbase.com
17619-coinbase.com
176284-coinbase.com
17823920-coinbase.com
178253-coinbase.com
178294-coinbase.com
17912-coinbase.com
17914-coinbase.com
17917-coinbase.com
17954-coinbase.com
17958-coinbase.com
182043-coinbase.com
18275-gemini.com
18276-coinbase.com
18290185-coinbase.com
182967-coinbase.com
18560-coinbase.com
18571-coinbase.com
185912-coinbase.com
185914-coinbase.com
18592176-coinbase.com
18594162-coinbase.com
18594962-coinbase.com
18597162-coinbase.com
18719562-coinbase.com
1875290-coinbase.com
1882730-coinbase.com
18902-coinbase.com
18903-coinbase.com
189126-coinbase.com
18952-coinbase.com
192854-coinbase.com
192856-coinbase.com
19287-binance.com
19572-coinbase.com
195812-coinbase.com
195826-coinbase.com
1958262-coinbase.com
195827-binance.com
1958297-coinbase.com
19582970-coinbase.com
19582971-coinbase.com
19583-coinbase.com
19592653-coinbase.com
197304-coinbase.com
19730492-coinbase.com
19764162-coinbase.com
19803-coinbase.com
201784289-coinbase.com
210823644-coinbase.com
21158-coinbase.com
21509-coinbase.com
25985-coinbase.com
27699-coinbase.com
28367-coinbase.com
28676-coinbase.com
29185-coinbase.com
29195-coinbase.com
2a-coinbase.com
2b-coinbase.com
2c-coinbase.com
2f-coinbase.com
2fas-coinbase.com
2o-coinbase.com
2r-coinbase.com
2s-coinbase.com
2sv-coinbase.com
352134951-coinbase.com
38468-coinbase.com
39590-coinbase.com
41260-coinbase.com
427883-coinbase.com
43017-coinbase.com
47562-coinbase.com
50195-coinbase.com
5247-coinbase.com
54765-coinbase.com
57197-coinbase.com
58176-coinbase.com
58297-coinbase.com
61250-coinbase.com
61835-coinbase.com
61851-coinbase.com
61937-coinbase.com
71925-coinbase.com
72957-coinbase.com
72985-coinbase.com
74651-coinbase.com
754668948-coinbase.com
76153-coinbase.com
76159869-coinbase.com
81758-coinbase.com
81920-coinbase.com
81926-coinbase.com
81958-coinbase.com
826298-coinbase.com
83216-coinbase.com
837613-coinbase.com
83956-coinbase.com
87157-coinbase.com
87312-coinbase.com
89304-coinbase.com
89375-coinbase.com
91723-gemini.com
91752-coinbase.com
91756-coinbase.com
91782-coinbase.com
91835-coinbase.com
91845-coinbase.com
91923-coinbase.com
92758-coinbase.com
948122061-coinbase.com
978941-coinbase.com
accountrecovery-coinbase.com
action-shakepay.com
adjust-coinbase.com
admin-kraken.com
applechargebacks.com
authenticate-gemini.com
authorize-gmail.com
binance-okta.com
captcha-coinbase.com
cd-coinbase.com
circular-noon-farmhouse.glitch.me
coinbase-heip.com
coinbase-live.support
coinbase-reject.com
coinbase-ticket.com
coinbaseheip.com
com-2fa.help
com-2fa.support
com-3845.support
com-connect.help
com-fraud.support
com-help.support
com-reset.help
com-reset.net
com-ticket.live
com-ticket.support
contact-nexo.com
convert-coinbase.com
customerservice-coinbase.com
default-coinbase.com
defend-coinbase.com
deny-coinbase.com
dflfmgsdokasdcpl.com
disconnect-coinbase.com
escalate-coinbase.com
establish-coinbase.com
fcc-okta.com
fraudulent-coinbase.com
guard-apple.com
guard-icloud.com
guardian-coinbase.com
guide-gemini.com
help-bitfinex.com
help-shakepay.com
helpdesk-apple.com
helpdesk-gemini.com
helpdesk-icloud.com
identification-coinbase.com
island-placid-bromine.glitch.me
keys-coinbase.com
lockdown-coinbase.com
login-nexo.com
messages-coinbase.com
newpassword-coinbase.com
official-server.com
original-backend.com
prompt-coinbase.com
protect-apple.com
protect-coinbase.com
protect-gmail.com
protect-kraken.com
recoverme-coinbase.com
recoveryportal-coinbase.com
refunds-coinbase.com
reset-okta.com
restore-coinbase.com
return-coinbase.com
reverts-coinbase.com
secure-binance.us
secure-icloud.com
secure-nexo.com
secure-shakepay.com
security-umusic.com
server694590423.tech
session-coinbase.com
signin-kraken.com
startrecovery-coinbase.com
suite-trezor.io
supportportal-coinbase.com
talented-friendly-price.glitch.me
tech-icloud.com
threat-coinbase.com
ticket-apple.com
ticket-coinbase.com
tickets-apple.com
tokens-coinbase.com
unblock-coinbase.com
unlink-coinbase.com
welcome-coinbase.com
www-coinbasewallet.com
www-help-coinbase.com
www-help-gemini.com
your-coinbase.com

IP's

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a

chartingshow / crypto-firewall