Thursday, March 28, 2024
HomeSECURITYGoogle ads are actively used to deceive inattentive users

Google ads are actively used to deceive inattentive users

-


Google ads are actively used to deceive inattentive users

Clients of the Bitwarden service massively “pecked the bait” of the attackers.

The internationally popular password manager Bitwarden, as well as other password managers, have been the target of phishing campaigns using Google Ads. The goal of scammers is to steal all the passwords of a potential victim at once, from all services.

As more and more users need to come up with unique passwords for each site, the use of password managers has become a necessity in order not to forget login details and lose access to their accounts.

However, it is cloud-based password storage that makes user credentials more vulnerable to attacks by intruders. Recent security breaches in LastPass and NortonLifeLock showed that the master password is the weak link in all password vaults.

And more recently, phishing pages promoted using the Google Ads service have been noticed on the network. These pages target the credentials of popular password stores as well as their cookies. This data, if used correctly, will give cyber bandits full access to the vault itself and all the passwords inside.

On January 24, users of the Bitwarden password manager began seeing a fraudulent ad in Google search results. The domain used in the ad, “appbitwarden.com”, redirected users to the site “bitwardenlogin.com” when clicked. This page was an exact replica of the real Bitwarden Web Vault password manager login page.



Google search results with a fake website in the sponsor block

Most interestingly, after collecting the credentials, the phishing page redirected users to the real Bitwarden website. That is, the scammers acted as discreetly as possible, and the data collected for entering, apparently, was planned to be used in a targeted attack later.

Security researcher MalwareHunterTeam also recently discovered that Google Ads was showing similar phishing ads for another password manager, 1Password. In a word, there are a lot of questions about ad moderation by Google. Recent cybersecurity research has shown that cybercriminals have been actively using Google Ads in their malicious campaigns for a long time.

Password vaults, in essence, store the entire Internet life of the user. Therefore, it is very important not to give access to them into the hands of scammers. First of all, when entering the master key from the password manager, you should always verify the domain name. Is the site a phishing site? Better yet, set up two-factor authentication. So, even if you accidentally enter all the data to enter the vault on a phishing site, attackers still won’t get the access they need.



Source link

www.securitylab.ru

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular