Bitwarden Phishing Attack
February 23, 2023
Courtesy of SBAM Approved Partner, SensCy
Many users have found that Bitwarden password vaults were targeted in Google Ads phishing attacks designed to steal Bitwarden users’ credentials, including the master passwords needed to access encrypted password vaults.
Threat actors have recently targeted password managers, including LastPass and Norton LifeLock, to access logins and other credentials. SensCy urges users to stay vigilant when entering logins and master passwords.
Bitwarden users began seeing a Google ad titled ‘Bitwarden – Password Manager’ in search results for “bitwarden password manager.”
The domain used in the ad was ‘appbitwarden.com’ and, when clicked, the ad redirected users to the site ‘bitwardenlogin.com.’ The page at ‘bitwardenlogin.com’ replicates the legitimate Bitwarden Web Vault login page. Once credentials are submitted on the phishing page, the page redirects users to the legitimate Bitwarden login page. It is unclear whether the phishing page can bypass MFA.
Make sure you only enter your credentials on a legitimate website or application, and immediately implement multi-factor authentication on your password manager accounts.
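The check below is an added example, not part of the original advisory and not SensCy's or Bitwarden's code. It compares a URL's hostname with the legitimate domain on a label boundary, which is why both ad domains named above are flagged even though one of them passes a plain suffix test. It assumes bitwarden.com is the legitimate domain; all names in the code are hypothetical, and the URLs other than the two domains from the advisory are constructed samples.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "bitwarden.com"  # assumption: the vendor's real registrable domain
BRAND = "bitwarden"

# The two ad domains come from the advisory; the other URLs are constructed samples.
SAMPLE_URLS = [
    "https://vault.bitwarden.com/#/login",
    "https://appbitwarden.com/",
    "https://bitwardenlogin.com/#/login",
    "https://example.org/",
]


def host_of(url: str) -> str:
    """Return the lowercase hostname, ignoring scheme, port, path and userinfo."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def naive_suffix_match(url: str) -> bool:
    """Weak check: a plain string suffix test with no label boundary."""
    return host_of(url).endswith(LEGIT_DOMAIN)


def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL."""
    host = host_of(url)
    # Legitimate only if the host is the domain itself or a dot-separated subdomain.
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    # Brand name present (hyphens ignored) but not under the real domain.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    """Hostnames that carry the brand name but are not under the real domain."""
    return [host_of(u) for u in urls if classify(u) == "lookalike"]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):11} naive_suffix={naive_suffix_match(u)!s:5} {host_of(u)}")
```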
Learn more about SBAM’s cybersecurity solutions at sbam.org/cybersecurity