Beware of Fake Bitwarden Ads on Facebook. Here is a quick look at the problem.

Fake Bitwarden ads on Facebook have been pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. Bitwarden, a popular password manager app, has seen a steady increase in its user base, especially after security breaches of its competitors. However, a new malvertising campaign impersonating Bitwarden was recently spotted by Bitdefender Labs.

The Deceptive Malvertising Campaign Unveiled

The campaign, which launched on November 3, 2024, uses Facebook ads to warn users that they are using an outdated version of Bitwarden and need to update the program immediately to secure their passwords. The link included in the ad directs users to a fake website that closely resembles Google’s official Chrome Web Store. The landing page features an “Add to Chrome” button, but instead of installing the extension automatically, users are prompted to download a ZIP file from a Google Drive folder.

Risky Installation Process and Its Consequences

This manual installation process requires enabling “Developer Mode” on Chrome and sideloading the extension, effectively bypassing security checks. Once installed, the extension registers as “Bitwarden Password Manager” version 0.0.1 and requests permissions to intercept and manipulate user activities. It collects Facebook cookies, particularly the “c_user” cookie containing the user ID, and transmits sensitive data to a Google Script URL controlled by the attackers.
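The traits described above (a sideloaded ZIP, the name "Bitwarden Password Manager" at version 0.0.1, cookie access) can be checked in an extracted `manifest.json` before anything is loaded into Chrome. This is an added example, not code from Bitdefender or Bitwarden; the permission lists, the sample manifests and the names `audit_manifest` and `_strings` are assumptions made for illustration.

```python
import json

# Assumption: permissions treated as high-risk here; the page does not list
# the exact permissions the fake extension requested.
RISKY = {"cookies", "webRequest", "scripting", "tabs", "declarativeNetRequest"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# update_url that Chrome Web Store installs carry in their manifest.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def _strings(manifest, key):
    """Return the string entries of a manifest list field (skips object entries)."""
    return {p for p in manifest.get(key, []) if isinstance(p, str)}


def audit_manifest(manifest, brand="bitwarden"):
    """Return the reasons a manifest looks like a sideloaded brand impersonation."""
    findings = []
    name = str(manifest.get("name", ""))
    version = str(manifest.get("version", ""))
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        findings.append("no Chrome Web Store update_url (sideloaded)")
    # Heuristic taken from the campaign: an established product at version 0.0.x.
    if brand in name.lower() and version.startswith("0.0."):
        findings.append(f"claims to be '{name}' at version {version}")
    requested = _strings(manifest, "permissions")
    # Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
    hosts = _strings(manifest, "host_permissions") | requested
    risky = sorted(requested & RISKY)
    if risky:
        findings.append("risky permissions: " + ", ".join(risky))
    broad = bool(hosts & BROAD_HOSTS)
    if broad:
        findings.append("host access to all sites")
    if "cookies" in requested and (broad or any("facebook.com" in h for h in hosts)):
        findings.append("can read facebook.com cookies such as c_user")
    return findings


# Constructed sample manifests for illustration (not taken from the real campaign).
SUSPECT = json.loads("""{"manifest_version": 3, "name": "Bitwarden Password Manager",
  "version": "0.0.1", "permissions": ["cookies", "webRequest", "tabs"],
  "host_permissions": ["<all_urls>"]}""")
BENIGN = json.loads("""{"manifest_version": 3, "name": "Example Notes", "version": "2.4.1",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "permissions": ["storage"]}""")

if __name__ == "__main__":
    for label, m in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, audit_manifest(m))
```

Legitimate password managers also request broad permissions, so the missing `update_url` and the implausible version carry more weight than the permission findings alone.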

Safeguard Your Bitwarden Account: Tips and Tricks

To mitigate this risk, Bitwarden users are advised to ignore ads prompting extension updates, as Chrome extensions are automatically updated when the vendor releases a new version. Extensions should only be installed via Google’s official web store or by following links from the project’s official website.

Exploiting Trusted Platforms: A Closer Look

The campaign highlights how threat actors exploit trusted platforms like Facebook to lure users into compromising their own security. By masquerading as a reputable tool and imitating urgent update notifications, cybercriminals gain access to valuable personal and business information.

Insights and Actions from Bitdefender Labs

Bitdefender Labs’ research provides a clearer understanding of the evolving tactics used in these types of attacks. The campaign specifically targets consumers aged 18 to 65 across Europe and has already been served to thousands of users. If left unchecked, this campaign could scale globally, affecting users worldwide.

Stay Safe: Conclusion and Key Takeaways

In conclusion, users must remain vigilant and cautious when encountering ads prompting software updates, especially from unknown sources. Always verify the authenticity of the source and check the requested permissions before installing any extensions. By staying informed and proactive, users can better protect themselves from such malicious campaigns.