It is quite alarmingly similar, isn't it? Everything from the fonts, icons, and other elements on the phishing site looks identical to the original login page.īleepingComputer says it ran some tests by entering some credentials on the site, but once it accepted them, the malicious web page redirected users to the official Bitwarden site. Do you see what happens when you don't use an ad blocker? uBlock Origin is my recommendation, feel free to check AdGuard or something else that fits your bill, just make sure it's a reputable extension/app, do your homework.Īnother Bitwarden user created a thread on the company's support portal, to alert others about the website that was trying to impersonate the official website's login page. Here's a look at the malicious ad (h/t reddit), shockingly these malicious pages were placed at the top of the search results, above the legitimate URL itself. But these phishing campaigns are actually a little more sophisticated, hackers often steal authentication tokens too.
#Chrome extensions bitwarden password
The attackers could try using the obtained credentials and login to the accounts on Bitwarden's servers, to steal the contents of the password vault.
Now what would happen if a user entered their username and the master password that unlocks their vault, and the scammers get hold of that information. This particular website closely resembles Bitwarden's login page. The above image is from a reddit user who posted it a couple of days ago. Users have reported that they have seen fake advertisements for Bitwarden on Google, the links in the ads were however not related to the password manager's websites.
0 kommentar(er)
