Bitwarden Phishing Attack

In today’s Cyber Brief, SensCy analyzes a new phishing trend targeted at password managers, notably Bitwarden.

Many users have found that Bitwarden password vaults were targeted in Google ads phishing attacks to steal Bitwarden users’ credentials, including master passwords necessary to access encrypted password vaults.

Threat actors have recently targeted password managers, including LastPass and Norton LifeLock, to access logins and other credentials. SensCy urges users to stay vigilant when entering logins and master passwords.

Last Tuesday, Bitwarden users began seeing a Google ad titled ‘Bitwarden – Password Manager’ in search results for “bitwarden password manager.” (See picture below)

The domain used in the ad was ‘appbitwarden.com’ and, when clicked, redirected users to the site ‘bitwardenlogin.com.’ The page at ‘bitwardenlogin.com’ replicates the legitimate Bitwarden Web Vault login page. Once the credentials are submitted on the phishing page, it redirects users to the legitimate Bitwarden login page. It is unclear if the phishing can bypass the MFA.

Make sure you only enter your credentials on a legitimate website or application and immediately implement Multi-factor Authentication on your Password Manager accounts.

If you need assistance securing your password keeper, please contact SensCy.