An ongoing phishing campaign is targeting users of LastPass and Bitwarden with fake breach alerts designed to install remote access tools on victims’ systems. The emails falsely claim that both password managers suffered security incidents and urge users to download a “more secure” desktop application to protect their data.
LastPass confirmed it was not hacked and labeled the messages as social engineering attempts meant to create urgency and prompt users to install malicious software. The campaign began over a holiday weekend to exploit reduced IT staffing and delay detection. Fake emails were sent from domains like hello@lastpasspulse[.]blog and hello@lastpasjournal[.]blog, mimicking official communication.
Similarly, Bitwarden users received nearly identical messages from hello@bitwardenbroadcast.blog, using the same urgent tone and lure of a secure desktop app update. Cloudflare has since blocked the phishing landing pages, identifying them as malicious.
The downloaded binaries install Syncro, a legitimate remote monitoring and management (RMM) tool, which then deploys ScreenConnect to enable r
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: