Phishing alert graphic: Email icon with "LastPass Hack" ZIP exploding into malware code, arrows to keylogger and data theft; protective shields for MFA and antivirus, with "Verify Before Clicking" warning banner.

LastPass has uncovered a phishing campaign sending emails about a "LastPass Hack" with a ZIP file ("LastPass_Security_Update.zip") containing an MSI installer. When run, it drops a PowerShell script that fetches malware from a C2 server, enabling keylogging, screenshot capture, and lateral network movement for data theft.

Phishing alert graphic: Email icon with "LastPass Hack" ZIP exploding into malware code, arrows to keylogger and data theft; protective shields for MFA and antivirus, with "Verify Before Clicking" warning banner.Phishing alert graphic: Email icon with "LastPass Hack" ZIP exploding into malware code, arrows to keylogger and data theft; protective shields for MFA and antivirus, with "Verify Before Clicking" warning banner.

The malware persists by injecting a DLL into svchost.exe, bypassing security and spreading in corporate environments. Users clicking links faced login failures and unusual traffic, showing the attack's stealth.

Phishing alert graphic: Email icon with "LastPass Hack" ZIP exploding into malware code, arrows to keylogger and data theft; protective shields for MFA and antivirus, with "Verify Before Clicking" warning banner.Phishing alert graphic: Email icon with "LastPass Hack" ZIP exploding into malware code, arrows to keylogger and data theft; protective shields for MFA and antivirus, with "Verify Before Clicking" warning banner.

Protect yourself:

Verify emails from official sources, enable MFA, and monitor PowerShell activity with antivirus. Report suspicious emails to LastPass to avoid these evolving threats.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net