Google Adwords phishing campaigns steal Bitwarden and other password managers’ vault passwords. As enterprises and consumers use unique passwords at every site, password managers must keep track of them. Unless you use KeePass, most password managers are cloud-based, allowing users to access their credentials via websites and mobile apps.
“Password vaults” on the cloud encrypt these passwords with users’ master passwords. LastPass’s security breaches and Norton’s credential stuffing attacks show that a password vault’s master password is weak. Threat actors have been seen generating phishing pages that target your password vault’s login credentials, maybe authentication cookies since once they acquire these, they can access your vault.
Google Phishing Used To Target Bitwarden Users
Bitwarden customers started seeing Google ads for “bitwarden password manager” on Tuesday. Reddit and Bitwarden forum users saw this ad. The phishing page accepted credentials and redirected users to Bitwarden in our tests.
The page was offline when we started testing with real Bitwarden test login credentials. Thus, we could not determine if the phishing website would take MFA-backed session cookies (authentication tokens) like many advanced phishing pages.
Some thought the URL was a dead giveaway and that it was a phishing page, but others couldn’t tell. “Damn. How can I spot a fake? Scary, “said the phishing page Reddit thread poster.
“People are saying to look at the URL, maybe it’s just my tiny brain, but I can’t tell which is the actual one,” said another person on the same Reddit post. Worse, Google advertising is targeting Bitwarden and other phishing sites.
MalwareHunterTeam spotted Google advertising targeting 1Password passwords. According to a recent study, threat actors are leveraging Google advertisements to distribute malware to business networks, steal credentials, and launch phishing attacks.
Google Search, Gmail, Google Docs, and other productivity tools would not exist without ads. Search engine adverts may link to phishing sites, so be careful. Hackers can buy ads online since anyone can. Google’s security measures occasionally cause bad advertising.
Because they’re advertising, Google Search’s first results should always be ignored. Bitwarden and other sites appear lower in search results. Clicking on the first result may feel natural, but it could be dangerous.
How To Ensure Password Manager Is Secured
Protecting password vaults, which hold your most sensitive online data, is crucial. Always check the website before entering your passwords to prevent phishing attempts on your password vaults.
If you accidentally submit your credentials on a phishing site, use multi-factor authentication using your password manager.
Hardware security keys are best but cumbersome, authentication apps are good and easier to use, and SMS verification is worst (can be hijacked in sim swapping attacks).
Modern adversary-in-the-middle (AiTM) phishing attempts can compromise your accounts even with MFA. When a user checks in, the phishing toolkit can harvest MFA-backed session cookies from the real site. These MFA-verified tokens allow threat actors to get into your account without MFA.
Microsoft warned in July that these exploits bypassed multi-factor authentication for 10,000 organizations. At the same time, you want to use the best antivirus software for your PC, Mac, and Android smartphone. For security-conscious people who are more at risk, the best identity theft protection will help you recover from fraud and reclaim your identity if it’s stolen online.
Since Google, Apple, Microsoft, and others are promoting passkeys instead of passwords, you may not need a password manager. Even on trustworthy search engines, be careful where you click.
Conclusion
Hackers are once more exploiting Google Ads to trick unwary users into visiting phishing websites, but this time they have Bitwarden and other password managers in their sights. You can safely store all of your login information in one location with the best password managers, and you can even create new, difficult passwords using their built-in password generators. However, because all of that private information is in one location, password managers are an ideal target for online fraudsters.
