Workspace ONE Mobile Threat Defense Mobile VMware Workspace ONE Workspace Security

Beware of CryptoChameleon, the new phishing threat that uses social engineering to trick victims

In the ever-evolving landscape of cyber threats, the CryptoChameleon phishing attack has emerged as a new example of how cybercriminals use advanced social engineering to gain access to victim’s accounts. Like a chameleon, the hackers camouflage themselves, but as trusted authorities, to blend in and stay hidden. This makes these attacks tough to spot and stop, especially for companies trying to keep their data safe. CryptoChameleon targeted the Federal Communications Commission (FCC), Binance, Coinbase, and other cryptocurrency platforms.

The victims of the recent CryptoChameleon phishing attacks shared usernames, passwords, password reset URLs, and even photo IDs. Our Workspace ONE Mobile Threat Defense technology partner, Lookout, uncovered this advanced phishing kit. CryptoChameleon is just one example of a sophisticated social engineering campaign, whereby attackers use information and awareness of human behaviors to infiltrate organizations. Thanks to the automated protections of Lookout, Workspace ONE Mobile Threat Defense customers with phishing and content protection enabled are protected from CryptoChameleon. Let’s dive into what makes CryptoChameleon so different from other phishing tactics.

Why was CryptoChameleon successful?

The phishing campaign looked and felt legitimate. The cybercriminals did their homework and built a very advanced phishing kit with carbon copies of single sign-on (SSO) pages to capture credentials. For example, the domain in question was fcc-okta[.]com, which is only a single character different from the legitimate FCC Okta Single Sign-On (SSO) page. On a mobile device, it’s not easy to spot a very good replica.

Furthermore, the fake page had a built-in captcha, a very clever tactic that made the page appear more legitimate and stopped web page crawling, which prevented automatic evaluation of the phishing site by security teams. Victims entered their login details and were presented with a verification code page. After using the fake verification, the victims were sent to a fake waiting page while the login was utilized. Finally, a live person in the form of a well-spoken operator supported the phishing kit. The operator answered a fake help line and then used a combination of email, SMS, and voice phishing to trick the victims into sharing usernames, passwords, password reset URLs, and photo IDs. The threat actor would tell victims that their accounts were under review and to attempt a log in later. Then, the victims would get an unsolicited phone call that spoofed the organization’s customer support line. The threat actor would inform victims that their account had been hacked, but that the victimized caller would help them recover the account. While the victims were on the phone with the threat actor, they would receive a text message that linked to a login page set up to mimic the organization’s legitimate Okta page. In the meantime, the cyber criminals would access the victim’s accounts with the access they had unwittingly provided.

Spoofed Okta page created by the CryptoChameleon threat actors.

How can organizations defend against CryptoChameleon?

Protecting against advanced phishing kits employing social engineering requires deep defense tactics. Here are a few key ways to secure your organization:

  1. Increase education and awareness. Regularly train employees and users to recognize social engineering tactics and be cautious about sharing sensitive information. Notify and keep employees engaged by delivering the latest news, tips and tricks directly to their digital workspace with Workspace ONE Intelligent Hub.  
  2. Use multi-factor authentication Implement additional layers of security, such as multi-factor authentication (MFA), to mitigate the impact of compromised credentials. MFA should be one part of an overall zero trust security approach that includes conditional access and zero-trust access to applications and resources. 
  3. Deploy advanced mobile security. Workspace ONE Mobile Threat Defense has multiple layers of defenses, including phishing and content protection, to detect and prevent social engineering attacks. Workspace ONE Mobile Threat Defense protects against malicious links at the URL level, and it also ties in with Workspace ONE Unified Endpoint Management (UEM) so you can respond to threats automatically and share status across IT and security teams.

In conclusion

CryptoChameleon is an example of a very sophisticated social engineering campaign organizations encounter today.Powered by Lookout, Workspace ONE Mobile Threat Defense provides customers with comprehensive mobile security that includes phishing and content protection. With Workspace ONE Mobile Threat Defense, activation of mobile security is simplified, and automations and remediations can happen via security integration with Workspace ONE UEM.

Fortify your defenses by staying vigilant and informed and protect what matters most. See Mobile Threat Defense in action in our upcoming technical webinar here or contact your sales representative for a free trial.