- Nov 10, 2017
- 3,250
Bitwarden password vaults targeted in Google ads phishing attack
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials.
Bitwarden password vaults targeted in Google ads phishing attack
- Thread starter CyberTech
- Start date
- Jun 14, 2011
- 1,856
Yes, it's BW's turn now. Will increasing BW's KDF to 600 000 and longer length passwords help in preventing?
Last edited:
- Apr 6, 2016
- 440
as long as it's in the "targeted" stage, it's fine i'd say
not everything "targeted" suffered breaches
not everything "targeted" suffered breaches
- Nov 26, 2017
- 729
I do not believe that.Yes, it's BW's turn now. Will increasing BW's KDF to 600 000 and longer length passwords help in preventing?
It is indicated through a fake website in my interpretation.
Last edited:
- Jan 21, 2018
- 814
Not just BW, the article refers to "..and other password managers.."; almost inevitable I believe, once it became obvious how much personal data could be stolen from PW Managers other ones are what I'd go after if I was a hacker.Yes, it's BW's turn now. Will increasing BW's KDF to 600 000 and longer length passwords help in preventing?
Anyone here knows if anti-keyloggers like Hitmampro.alert or Keyscrambler could protect from this?
Last edited:
- Nov 26, 2017
- 729
The page at 'bitwardenlogin.com' was an exact replica of the legitimate BitWarden Web Vault Login page, as seen below....
...In our tests, the phishing page will accept credentials and, once submitted, redirect users to the legitimate Bitwarden login page...
Maybe I’m missing. But I don’t think that answers my question.
If you were to go to the phishing page and entered your “correct” login info, would keyscrambler scramble that info so that bad guys only get an “incorrect” login info?
- Nov 26, 2017
- 729
Nope because basically you are giving the right info to the bad guys. The anti-keylogger has nothing to do with that otherwise you couldn't login into any site if you were using anti-keylogger. This is a very old trick of getting login info. That's why I use bookmarks or URL's from password managers. This plus DNS is my solution.
- Jun 14, 2011
- 1,856
In this case simple adblocker can easily protect users from this kind of harmful ads.
- Feb 26, 2021
- 949
Right. But I meant more of in a general sense. There's a script that can be run that'll export all your keepass passwords to an unencrypted file. Exploits like that, or this birtwarden one, can be mitigated in large part by common sense. Those that cannot, some sort of anti-executable may be in order. In that way, the creator of keepass was right.
- May 13, 2017
- 2,638
Does not pretty much any PW allow to autofill only on a legitimate domain? Unless a script runs the legitimate domain in an iframe and then copies the credentials from there?
So in this case using PW rather then typing the credentials yourself could have actually prevented phishing? And those who type such a sensitive info surely check the certificate?!
- Nov 26, 2017
- 729
Sorry for the late reply.
Yes you are right. However, if the extension in the browser does not work properly (which can happen), then the user has to manually enter the data. When I used an extension, I wasn't afraid of such attacks, because the situation you described was in place
This is a type of attack that only works in certain cases, but it is still quite common unfortunately.
Similar threads
