Utilizing Google to look up the vendor’s official Web vault login page, several customers of Bitwarden’s password management service last week reported seeing paid advertising to phishing sites that steal credentials.
Google ads targeting Bitwarden users
Several password managers are cloud-based, enabling users to access their passwords via websites and mobile apps unless they utilize a local password manager like KeePass. The industry has criticized KeePass for being less user-friendly than cloud-based alternatives, but technical users rely on its security because it encrypts all passwords and the entire database and is saved locally on a computer rather than in the cloud.
According to a revelation from last week, Google ads phishing efforts that sought to acquire user password vault credentials specifically targeted Bitwarden and 1Password. Malicious advertising that targets users of Bitwarden and 1Password indicates that threat actors have added a new method for breaking into password managers and compromising the accounts connected to those passwords.
When clients browsed for terms like ‘bitwarden password manager’ or ‘1Password’s Web vault,’ for example, the malicious advertising which customers of Bitwarden and 1Password reported seeing last week was near the top of Google’s search
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: