Malware, Vulnerability Management, Identity

Google ads phishing takes aim on password managers

BleepingComputer reports that users of different password management services have been targeted by Google ads phishing campaigns. Bitwarden users have been subjected to an attack campaign involving the use of the "appbitwarden.com" domain, which would redirect to the "bitwardenlogin.com" site that exactly resembles the real Bitwarden Web Vault login page and enable the collection of user credentials. Google ads phishing has also been used to compromise the credentials of individuals using the 1Password password manager. Both campaigns come amid the increased exploitation of Google ads to facilitate malware delivery for network compromise, credential theft, and phishing attacks. Individuals using password vaults have been urged to be wary of the legitimacy of the websites they are using and enable multi-factor authentication, especially with hardware security keys and an authentication app. Using SMS verification for MFA may make accounts more vulnerable to SIM swapping attacks than other MFA options, according to BleepingComputer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.