New Phishing Campaign “CryptoChameleon” Targets FCC and Crypto Companies
(Originally posted on: Crypto News – iGaming.org)
A sophisticated phishing campaign, dubbed CryptoChameleon, has surfaced, taking aim at employees of the Federal Communications Commission (FCC) and personnel from prominent crypto entities such as Coinbase, Binance, Gemini, Kraken, ShakePay, and Trezor.
Security analysts from Lookout report that the attackers behind CryptoChameleon employ a new toolkit to fabricate authentic-looking single sign-on pages for Okta, a cloud service provider for authentication. These meticulously crafted pages serve as bait in a multi-stage social engineering attack, leveraging emails, SMS, and voice phishing techniques to dupe targets into divulging sensitive information, including usernames, passwords, password reset URLs, and even photo IDs. The majority of victims are situated in the United States.
Innovative Phishing Tactics
Lookout’s analysis reveals that the phishing kit uses a novel tactic: it prompts victims to complete a captcha using hCaptcha, which prevents automated analysis tools from detecting the fraudulent site. The kit also allows real-time interaction with victims, so pages can be customized to incorporate phone number digits, making them appear more authentic.
Lookout’s investigation uncovered over 100 successful phishing attempts linked to CryptoChameleon, with ongoing phishing activities predominantly hosted on servers provided by Hostwinds, Hostinger, and the Russia-based RetnNet.
This latest phishing campaign underscores the evolving sophistication of cyber threats targeting both governmental bodies and cryptocurrency companies, emphasizing the critical importance of robust cybersecurity measures and heightened vigilance in safeguarding sensitive information.