The Password manager of BitWarden, as well as other passwords of passwords, became the target of phishing campaigns using Google ADS. The purpose of scammers is to steal all the passwords of a potential victim, from all services.
Since more and more often users need to come up with unique passwords for each site, the use of password managers has become a need to not forget the data for the entrance and not lose access to their accounts.
However, it is precisely the cloud storage of passwords that make the accounting data of users more vulnerable to attacks of attackers. Recent security disorders in Lastpass and Nortonlifelock showed that the master parole is a weak link in all password storage facilities.
And more recently, phishing pages were noticed on the Web, promoted using the Google ADS service. These pages are aimed at the accounting data of popular password storage facilities, as well as their cookies. With proper use, these data will open the Cyberbandes complete access to the storage itself and all passwords inside.
On January 24, BitWarden Password users began to see a fraudulent announcement in the Google search results. The domain used in the announcement, “Appbiten.com” when pressed redirected users to the website “BitWardenlogin.com”. This page was an exact copy of this entrance page to the BitWarden Web Vault Password manager.
Search issue of Google with a fake site in a sponsorship unit
The most interesting thing is that after collecting the accounting data, the phishing page redirected users to this BitWarden website. That is, the scammers acted as imperceptibly as possible, and the data collected for entering, apparently, was planned to be used in a targeted attack later.
Malwarehunterteam security researcher also recently discovered that Google ADS showed such phishing ads for another password – 1PassWord. In a word, a lot of questions arise for the moderation of ads by Google. Recent studies in the field of cybersecurity have shown that attackers have been actively using Google ADS in their harmful campaigns for a long time.
Password storages, in essence, store the entire Internet life of the user. Therefore, it is by no means important not to give access to their hands to scammers. First of all, when entering a master key from a password manager, you should always make a domain name. Suddenly a phishing site? Better yet, configure two -factor authentication. So, even if you accidentally enter all the data for the entrance to the storage on the Fishine website, the attackers will still not get the access they need.