Hackers are once again exploiting Google ads to direct unsuspecting users to phishing sites, this time targeting Bitwarden and other password managers
The best password managers allow you to securely store all your login information in one place and even generate new, strong, and complex passwords using the built-in password generator. However, because all sensitive data is in one place, password managers are a prime target for cybercriminals.
Other than KeePass, which stores passwords locally, most password managers are cloud-based and can access passwords from a website or mobile app; Bitwarden and other password managers store passwords in an encrypted password vault and require a master password to decrypt them.
However, hackers now appear to be using fake Google search ads to direct Bitwarden users to convincing phishing sites with the goal of stealing password vaults.
According to a new report from BleepingComputer, Bitwarden users searching for "bitwarden password manager" earlier this week began seeing a Google search ad titled "Bitward - Password Manager".
They then posted on both Reddit and Bitwarden's forum to warn others. Because the domain was "appbitwarden.com" rather than just "bitwarden.com," some were able to easily see that the ad was directing them to a phishing site, but many users ended up clicking on it. As a result, they were redirected to a site called "bitwardenlogin.com".
The phishing site was carefully designed to appear to be an exact replica of Bitwarden's actual Web Vault login page, and BleepingComputer's testing indicates that the site accepts user credentials. Once the credentials are submitted, the user is redirected to Bitwarden's official login page. To make matters worse, the phishing site attempted to steal MFA-backed session cookies and authentication tokens to gain full access to the Bitwarden user's password vault.
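The two domains in this campaign, "appbitwarden.com" and "bitwardenlogin.com", both contain the brand name but are not the brand's domain at all. The check below is an added example, not code from the article or from Bitwarden: it compares a link's hostname against the expected registrable domain on a dot boundary, so a real subdomain passes while a lookalike that merely contains the name fails. The trusted-domain set and the sample links are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the user should trust for Bitwarden logins.
TRUSTED_DOMAINS = {"bitwarden.com"}


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL; bare domains (as shown in an ad) get a scheme.

    urlsplit().hostname also ignores a userinfo prefix, so 'bitwarden.com@evil.example'
    resolves to 'evil.example' rather than the brand name in front of the '@'.
    """
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_trusted(url: str) -> bool:
    """True only if the host IS a trusted domain or sits below it on a dot boundary.

    'app.bitwarden.com' passes; 'appbitwarden.com', 'bitwardenlogin.com' and
    'bitwarden.com.evil.example' all fail even though each contains 'bitwarden'.
    """
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_ad_links(urls):
    """Label each link 'trusted' or 'lookalike' for a quick review of ad destinations."""
    return {u: ("trusted" if is_trusted(u) else "lookalike") for u in urls}


if __name__ == "__main__":
    # Constructed sample: the two domains named in the article, one constructed
    # subdomain of the real domain, and one suffix-abuse lookalike.
    sample = [
        "appbitwarden.com",
        "https://bitwardenlogin.com/login",
        "https://app.bitwarden.com/#/login",
        "https://bitwarden.com.evil.example/",
    ]
    for url, verdict in classify_ad_links(sample).items():
        print(f"{verdict:9s} {url}")
```

A naive `"bitwarden.com" in url` test would have accepted every link in the sample; the dot-boundary comparison is what separates the subdomain from the lookalikes.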
Bitwarden is not the only password manager targeted by fake ads.
Advertising is an important part of the online ecosystem, and without advertising, Google Search, Gmail, Google Docs, and other online productivity tools from the search giant would not exist. However, before clicking on an ad in a search engine, one should think twice about the possibility that it could lead to a phishing site. Since anyone can buy ads online, hackers can as well. Google has strict security checks in place for ads, but malicious ads can occasionally slip through the cracks.
For this reason, the first results of a Google search are usually ads and should always be scrolled past; the actual sites of Bitwarden and other companies appear further down in the search results. While it may seem natural to click on the first search result you see, you may be putting yourself at risk by doing so.
If you are using a password manager, you need to make sure that you are taking additional steps to protect the passwords stored in your vault. The first of these is to enable multi-factor authentication (MFA), which means that hackers will need your password and something else to access your account.
One-time SMS codes may be a common form of authentication, but they are not really that secure, because attackers can use SIM swapping to hijack your codes. Authentication apps like Google Authenticator are a better method and are not that difficult to use. On the other hand, physical security keys are the best way to protect your account, but they are more labor intensive.
At the same time, you want to make sure you are using the best antivirus software to protect your PC, the best Mac antivirus software to protect your Mac, and the best Android antivirus app to protect your Android smartphone. If you are security conscious and are more at risk than others, you may want to invest in the best identity theft protection. This is because these services can help you recover from fraud or get your identity back if it was stolen online.
Password managers are great, but with Google, Apple, Microsoft, and other tech giants promoting passkeys as an alternative to passwords, you may not need one. But still, be careful where you click, even on legitimate search engines.