In February 2024, Lookout discovered an advanced phishing kit targeting the Federal Communications Commission (FCC), along with several cryptocurrency platforms. While most people think of email as the realm of phishing attacks, this threat actor — known as CryptoChameleon — used the phishing kit to build a carbon copies of single sign-on (SSO) pages, then used a combination of email, SMS, and voice phishing to target mobile device users.

At Lookout, we’re no stranger to all the app risks, phishing attempts, and vulnerabilities that make mobile devices such appealing targets. Over the years, our researchers have identified 1500 threat families and have exposed some of the most sophisticated threats ever found, including Pegaussu, Dark Caracal, and — most recently — CryptoChameleon.

In cybersecurity, change is a given. Technology is constantly evolving, and attackers are always updating their tactics. If you want your organization to remain secure in this ever-changing environment, it’s not enough to keep up with the trends — you need to be one step ahead.