CryptoChameleon strikes Apple, Okta users in latest cyberattacks

1 min read



  • CryptoChameleon phishing kit targets Apple, Okta users and cryptocurrency platforms.
  • Attacks utilize convincing impersonation techniques and personal outreach, posing a serious threat.

CryptoChameleon Attackers Target Apple, Okta Users

A phishing kit dubbed CryptoChameleon has been discovered targeting cryptocurrency platforms and government agencies like the Federal Communications Commission (FCC). The attackers primarily aim at users of Apple iOS and Google Android devices with single sign-on (SSO) solutions like Okta, Outlook, and Google. Successful attacks have led to the compromise of sensitive data beyond usernames and passwords. To combat this threat, stronger forms of authentication like WebAuthn-based passkeys are recommended by experts.

Sophisticated CryptoChameleon’s Phishing Tactics Are Convincing

The CryptoChameleon attackers exhibit advanced tactics, including personal outreach through personalized text messages and voice calls impersonating support personnel. They create convincing duplicates of legitimate pages, making detection challenging. The phishing kit also uses hCaptcha to evade automated analysis tools. While the methods resemble those of a known cyber threat group, Scattered Spider, there are enough variances to suggest a different threat actor.

Don’t Be Duped by Fake Phone Calls From Tech Support

Organizations must educate their employees about social engineering tactics, verify the source of requests, and scrutinize text messages and phone calls for authenticity. Password managers and multifactor authentication (MFA) can provide additional layers of protection against phishing attacks, but cybercriminals are developing advanced tactics to bypass these security measures. Vigilance and user education are essential in defending against these sophisticated attacks.


Previous Story

Join #CS4CA: Protecting Critical Assets Summit USA, cybersecurity solutions for all

Next Story

DoD unveils fresh Cyber Ops Readiness Program – stay tuned

Latest from News

US sanctions Kaspersky Lab for Russia ties

TLDR: The Biden administration announced sanctions against 12 executives and senior leaders of Kaspersky Lab, a Russia-based cybersecurity company. The Commerce Department banned Kaspersky