A new malvertising campaign impersonating Bitwarden was spotted by Bitdefender Labs, whose researchers report that the operation launched on November 3, 2024.
The Facebook advertising campaign warns users that they're 'using an outdated version of Bitwarden,' and need to update the program immediately to secure their passwords.
However, instead of the extension automatically installing, visitors are prompted to download a ZIP file from a Google Drive folder, a clear sign of danger.
Once installed, the extension registers as 'Bitwarden Password Manager' version 0.0.1 and secures permissions that enable it to intercept and manipulate user activities.
Collection
[
|
...
]