Bitwarden password vaults targeted by scam ads

Share post:

In order to steal users’ password vault credentials, phishing campaigns on Google ads are targeting Bitwarden and other password managers.

The advertised website is a forgery of the genuine article. And it was done expertly. It looks exactly like the real thing and could easily fool anyone. Those who followed the link in the Google Search result were taken to bitwardenlogin.com. That may appear legitimate at first glance. The authentic URL, on the other hand, is bitwarden.com, and the login page URL is vault.bitwarden.com.

Bitwarden informed users about the risk on its Reddit page. “Typing Bitwarden manually into a search engine each time increases your chances of falling prey to a phishing attempt due to spelling errors or malicious domains (with similar names),” a moderator wrote.

This phishing site was meticulously designed to look exactly like Bitwarden’s actual Web Vault login page. BleepingComputer discovered that the site did accept user credentials, but that once submitted, it would redirect them to Bitwarden’s official login page. To compound matters, the phishing site attempted to steal MFA-backed session cookies or authentication tokens in order to gain full access to a Bitwarden user’s password vault.

MalwareHunterTeam recently discovered that criminals were using fake Google ads to target 1Password users, so Bitwarden isn’t the only password manager being targeted by fake ads.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways