Scammers are using a creative phishing campaign targeting LastPass users, posing as the company and sending emails with the subject line “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)” to trick victims into clicking a malicious link and revealing their master passwords. The attackers, linked to the CryptoChameleon group, aim to steal credentials and potentially drain cryptocurrency wallets, with LastPass warning users that it never asks for master passwords and advising the use of MFA to combat such threats.
