Anti-Phishing, DMARC , Cybercrime , Fraud Management & Cybercrime

Mobile-Driven Phishing Spoofs FCC, Cryptocurrency Giants

Researchers Say Hackers Used Fake Login Pages to Trick 100 Victims, Crypto Workers
Mobile-Driven Phishing Spoofs FCC, Cryptocurrency Giants

A new phishing campaign is targeting victims through mobile devices by mirroring legitimate login pages for the Federal Communications Commission and large cryptocurrency platforms including Binance and Coinbase. At least 100 victims, including crypto company employees, have fallen for the scam.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Cybersecurity firm Lookout said the phishing campaign, dubbed CryptoChameleon, uses legitimate-looking SSO login pages and begins with phishing by email, SMS or voice calls to trick victims into sharing sensitive information, including usernames, passwords, password reset URLs and photo IDs. Hackers are mainly targeting U.S.-based users.

Lookout flagged the phishing kit's activity after discovering a suspicious domain, fcc-okta.com - that resembles the legitimate FCC Okta SSO page.

CryptoChameleon incorporates an administrative console that allows operators to monitor and customize phishing pages in real time. The operator can redirect victims based on the information provided, enhancing the illusion of legitimacy during the attack.

The attack primarily focuses on mobile users, and the phishing kit showcases a high level of customization. The operator can also tailor the phishing page to provide specific details, such as the last digits of the victim's phone number, to create a more convincing scenario.

The phishing websites rely on multiple hosting networks, including Hostwinds, Hostinger, RetnNet in Russia and QWARTA LLC hosting services. The attackers continually shift hosting networks - an action likely to prolong the lifespan of their malicious sites.

Researchers said the victims reported a combination of phone calls and text messages being used to manipulate them into completing the phishing process. The threat actor adopts a convincing persona and often claims that the victim's account has been compromised, leveraging both voice calls and SMS to build trust.

While the attack shares similarities with the Scattered Spider group, differences in capabilities and command-and-control infrastructure suggest that CryptoChameleon is likely a distinct threat actor or group, possibly inspired by previous successful tactics.

The full extent of CryptoChameleon's impact remains unclear, as researchers continue to analyze back-end logs and investigate potential connections between different phishing sites.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.