Threat actors target Bitwarden via Google Ads
Threat actors are targeting Bitwarden through Google ads phishing campaigns in order to steal users’ password vault credentials.
A spoofed version of Bitwarden was expertly created to look exactly like the real thing and fool unsuspecting users. The threat actors' ads for the spoofed version appear in Google search results.
The ad's domain was 'appbitwarden.com', and anyone who clicked the link in the Google Search result was redirected to 'bitwardenlogin.com'. The website appears legitimate, but it is not: the authentic URL is bitwarden.com, and the login page URL is vault.bitwarden.com. The page at 'bitwardenlogin.com' was a carbon copy of the official Bitwarden Web Vault login page, so unsuspecting users could have been duped into thinking the page was genuine.
When users enter their credentials, the phishing page will redirect them to the legitimate Bitwarden login page. This was an attempt to steal legitimate Bitwarden users’ master passwords. After users noticed the scam ads appearing on Google Search, the company issued the warning.
Bitwarden’s Chief Customer Officer Gary Orenstein said: “We remind users looking for Bitwarden not to rely on search engines when looking for the Bitwarden login page, but to start with Bitwarden.com. A useful tip for users of the web vault is to bookmark http://vault.bitwarden.com. This eliminates the chances of an imposter site grabbing your attention, which can happen when using a search engine.”
Users are advised to always enable multi-factor authentication in their password manager. They are also advised to change their passwords on a regular basis, to never use the same password for multiple accounts, and to use anti-virus software.
Users should also double-check the web address or URL of any advertisement they intend to click on. If there is a misspelling or a domain they do not recognize, the ad will most likely direct them to a malicious website. Users should also think about installing an ad blocker.
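The URL check described above can be automated, for example in a mail or proxy filter. The following is an added example, not code from Bitwarden or the original article; the function name `classify_url` and the `.example` URLs are constructed for illustration, while the two lookalike domains are the ones named in the article.

```python
from urllib.parse import urlsplit

# Authentic domain as stated in the article; vault.bitwarden.com is a subdomain.
OFFICIAL_DOMAIN = "bitwarden.com"
BRAND = "bitwarden"


def classify_url(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare host.

    The decision uses the parsed hostname, so the brand name in a path or in
    the userinfo part cannot make a foreign host count as official.
    """
    if "://" not in url:
        url = "//" + url          # let urlsplit treat a bare host as a netloc
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:            # malformed netloc, e.g. broken IPv6 brackets
        return "unrelated"
    if not host:
        return "unrelated"
    # Exact match, or a true subdomain: the leading dot enforces a label
    # boundary, so 'appbitwarden.com' does not pass as '*.bitwarden.com'.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand string in a non-official netloc (hostname or userinfo) is the
    # pattern seen in this campaign.
    return "lookalike" if BRAND in parts.netloc.lower() else "unrelated"


if __name__ == "__main__":
    samples = [                                      # constructed sample input
        "https://vault.bitwarden.com/#/login",       # official login page
        "appbitwarden.com",                          # ad domain from the article
        "https://bitwardenlogin.com/",               # phishing page from the article
        "https://bitwarden.com.login.example/",      # official name as a prefix
        "https://vault.bitwarden.com@login.example/",  # official name as userinfo
        "https://news.example/bitwarden-review",     # brand only in the path
    ]
    for s in samples:
        print(f"{classify_url(s):10} {s}")
```

Lookalikes built from homoglyphs or internationalized domain names that do not contain the ASCII string `bitwarden` are outside what this check covers.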
The sources for this piece include an article in BleepingComputer.