The method that he describes on his blog works in Google Chrome, and to a degree in Firefox as well.
The main difference between the two browsers is that fake messages displayed to Chrome users on attack sites look identical to the message the LastPass extension would display to them, while that's not the case if Firefox is being used.
So how does the phishing attack work?
LastPass displays messages to users in the browser's viewport to which websites that are open in the browser have access to as well.
A malicious site would draw the LastPass notification after checking that the password manager is being used. According to Cassidy, they could even log out the user before they display the message to make it look more real.
The message would ask users to enter their username and password, and if configured, two-factor authentication code.
Obviously, the information can then be used by the attacker to gain access to a user's vault allowing them to access all account information, notes and other sensitive data saved in it.
Have you been hacked?
You can verify account access on the Account History page. There you find listed all recent log ins.
Do the following to get there:
Each event is listed with a date, IP address, DNS and method used for the access.
How to prevent getting hacked
LastPass is working on a fix according to Sean Cassidy who disclosed the issue to the company last year.
The attack can be detected easily however.
Generally speaking, you may want to sign in on the LastPass website directly, and not via the extension. Once you are signed in on the site, the login gets picked up by the extension so that you can use its functionality as well.
Now You: How do you sign in to LastPass or other online password managers?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.