Convincing, Malicious Google Ads Look to Lift Password Manager Logins

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults.

Jai Vijayan, Dark Reading

January 30, 2023

2 Min Read
Convincing, Malicious Google Ads Look to Lift Password Manager Logins
Alamy

Several users of Bitwarden's password management technology last week reported seeing paid ads to credential stealing phishing sites when they used Google to search for the official Web vault login page for the vendor.

Google says addressing the problem is a top priority.

The posts about the problem, on Bitwarden's community forum and on Reddit, prompted the vendor to warn its users about the threat and urge them to bookmark the correct URL for the Web vault. 

"Sometimes imposters will try and grab your attention if you use a search engine. Stay safe and secure," Bitwarden said in an official tweet.

Password Vault Phishing: A Growing Threat

The vendor's warning echoed one from 1Password last week that referenced the same threat to users of the company's password manager. "It's come to our attention that some websites are posing as 1Password," the vendor said. "Ensure that any link directs you to our website." 

The malicious ads targeting users of Bitwarden and 1Password continue a string of recent attacks on password managers. In December, for instance, LastPass, among the larger vendors in this space, disclosed a breach in which attackers accessed a backup copy of customer vault data, including usernames, passwords, and form-filled data. The December attack followed one from last August, where threat actors gained access to the company's source code. In another incident that came to light in January, attackers broke into systems at Norton LifeLock and accessed customer information that may have included passwords stored in Norton Password Manager.

Related:Fake Windows Updates Trick Users Into Installing Ransomware

Google Ads: A New Tactic 

The malicious advertisements targeting Bitwarden and 1Password customers suggest that threat actors have added another tactic to break into password managers and compromise accounts associated with those passwords.

The malicious ads that users of Bitwarden and 1Password reported last week surfaced high on top of Google's search engine results when the users searched for "bitwarden password manager," for instance, or for 1Password's Web vault. And the landing pages are high quality: One Bitwarden user reported finding a phishing website that impersonated the vendor's official Web vault so well that it was hard to tell the difference. 

Continue reading this article on Dark Reading

Read more about:

Alphabet Inc.Dark Reading

About the Author(s)

Jai Vijayan

Jai Vijayan

Contributing writer, Dark Reading

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a senior editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including big data, Hadoop, Internet of Things, e-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a master's degree in statistics and lives in Naperville, Illinois.

See more from Jai Vijayan
Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
byBrien Posey
Jul 19, 2024
5 Min Read
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?
byChristopher Tozzi
Jul 18, 2024
6 Min Read
robot and human fingers touching
Career Management
Employees Beginning to See Benefits of AI Autonomy in the WorkplaceEmployees Beginning to See Benefits of AI Autonomy in the Workplace
byNathan Eddy
Jul 3, 2024
4 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

hand touches red cube via HoloLens view alongside diagram showing the app deployment workflow
Digital Transformation
How To Deploy Your App on Microsoft HoloLens 2How To Deploy Your App on Microsoft HoloLens 2
ITPro Today Data Privacy Quick Reference Guide cover image
Data Privacy
Data Privacy Quick Reference GuideData Privacy Quick Reference Guide
screenshot of unity software and a text object with the words Hello World
Digital Transformation
How To Build Apps for HoloLens 2 DevicesHow To Build Apps for Hololens 2 Devices
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?