LastPass Password Manager warned customers about a new social engineering campaign in which threat actors, posing as support, leave five-star reviews on the LastPass extension review page on Google Chrome. In these reviews, they provide customers with a phone number to contact for help resolving potential issues.
If contacted, users connect with someone claiming to support LastPass. The caller asks the user about their support issue, how they access LastPass, and which operating system they use. Once they gather the basic information, the threat actors direct their target to dghelp[.]top to enter a code to download a ConnectWise ScreenConnect agent, which gives the threat actors access to the target’s computer. While the user is still engaged with the call, the scammer can install other malicious infostealing software.
Researchers have found the phony support phone number 805-206-2892 associated with this scam to be linked to a larger campaign involving several other companies, including Adobe, Amazon, Capital One, Netflix, and Verizon. In some instances, the fake support number has not been limited to Chrome extension reviews and has been posted on other sites, including brand forums and Reddit.
While this campaign has primarily affected Google Chrome users, researchers have recently identified a scam targeting users through Microsoft Bing’s search engine. A search for “Keybank login” returns a malicious copycat page as the top result. This credential harvesting scam appears to abuse Bing’s search algorithm to rank above the official website in the search engine result pages.
Recommendations
Exercise caution with information found in comments and reviews, even if it appears to originate from legitimate sources. Confirm contact information from verified and official sources. Submit account credentials only on official websites. Download applications only from official sources. Promptly uninstall affected apps. Immediately change credentials used to log into malicious apps.
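A hunting sketch for the sequence this advisory describes (a lookup of dghelp[.]top followed by a ScreenConnect agent starting on the same host), added here as an example and not taken from LastPass or the researchers. The event schema, host names, timestamps, the 30-minute window and the "screenconnect" image-path match are assumptions.

```python
from datetime import datetime, timedelta

# Indicator from the advisory, stored defanged and refanged only for matching.
IOC_DOMAIN = "dghelp[.]top".replace("[.]", ".")
# Assumption: the remote-access agent has "screenconnect" in its image path.
AGENT_MARKER = "screenconnect"

# Constructed sample telemetry; hosts, times and field names are made up.
EVENTS = [
    {"ts": "2024-01-10T14:02:11", "host": "WS-017", "type": "dns",
     "value": "WWW." + IOC_DOMAIN + "."},
    {"ts": "2024-01-10T14:06:40", "host": "WS-017", "type": "proc",
     "value": r"C:\Users\amy\Downloads\ScreenConnect.ClientSetup.exe"},
    # Agent with no preceding lookup (e.g. sanctioned IT use): not flagged here.
    {"ts": "2024-01-10T09:00:00", "host": "WS-022", "type": "proc",
     "value": r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe"},
    # Different domain that merely ends in the same characters: no match.
    {"ts": "2024-01-10T11:00:00", "host": "WS-030", "type": "dns",
     "value": "not" + IOC_DOMAIN},
    {"ts": "2024-01-10T11:02:00", "host": "WS-030", "type": "proc",
     "value": r"C:\Temp\screenconnect.exe"},
    # Lookup and agent start two hours apart: outside the window.
    {"ts": "2024-01-10T10:00:00", "host": "WS-041", "type": "dns", "value": IOC_DOMAIN},
    {"ts": "2024-01-10T12:00:00", "host": "WS-041", "type": "proc",
     "value": r"C:\Temp\ScreenConnect.WindowsClient.exe"},
]

def domain_matches(qname, ioc=IOC_DOMAIN):
    """True for the indicator or any subdomain; ignores case and trailing dot."""
    q = qname.lower().rstrip(".")
    return q == ioc or q.endswith("." + ioc)

def correlate(events, window=timedelta(minutes=30)):
    """Return (host, lookup_time, agent_start_time) for lookup-then-agent chains."""
    last_lookup = {}  # host -> time of most recent indicator lookup
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "dns" and domain_matches(ev["value"]):
            last_lookup[ev["host"]] = ts
        elif ev["type"] == "proc" and AGENT_MARKER in ev["value"].lower():
            seen = last_lookup.get(ev["host"])
            if seen is not None and ts - seen <= window:
                findings.append((ev["host"], seen.isoformat(), ev["ts"]))
    return findings

if __name__ == "__main__":
    for host, lookup, started in correlate(EVENTS):
        print(f"{host}: indicator lookup at {lookup}, agent started at {started}")
```

Hosts where ScreenConnect is a sanctioned tool still surface if the lookup precedes an agent start, so treat each finding as a lead to confirm with the user.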