A fake Bitwarden password manager lookalike site is distributing malware to unsuspecting visitors.
The fake website is a very convincing lookalike to the real Bitwarden site and has a typo squat domain name to fool potential victims. It is believed that phishing campaigns through Google ads were used to target potential victims. The fake website is only targeting windows users, users trying to download the Linux or Mac version are redirected to the official software download page. Researchers discovered that the fake Bitwarden installer is a malicious .NET executable that is a remote access trojan with information stealing features. The Bitwarden password manager has increased in popularity lately. With a growing user base, the software and its users are becoming a popular target for cybercriminals. Users should only download software directly from the trusted source, and to always check the domain hosting software downloads against domain belonging to the official website.
https://www.proofpoint.com/us/blog/threat-insight/zenrat-malware-brings-more-chaos-calm
https://www.bleepingcomputer.com/news/security/fake-bitwarden-sites-push-new-zenrat-password-stealing-malware/
This segment was created for the It’s 5:05 podcast