Malicious Facebook Ads Target Bitwarden Users With Fake Security Update

Revealed a Facebook ad campaign tricking Bitwarden users into installing malware, collecting personal and business data via fake updates.

Bitdefender Labs has uncovered a new cyber attack targeting users of the popular password manager, Bitwarden.

This malicious campaign, which began on November 3, 2024, uses deceptive Facebook ads to trick users into installing harmful browser extensions. The ads, which appear to be legitimate, urge users to update their Bitwarden extension due to a supposed security issue.

Bitdefender explains that the campaign begins with a fake ad on Facebook, which creates a sense of urgency by using Bitwarden’s branding and alarming language like “Warning: Your Passwords Are at Risk!”

When users click on the ad, they are redirected to a fraudulent website that mimics the official Chrome Web Store.

On this site, users are prompted to download an extension by clicking a link to a Google Drive file. This file contains a zip archive that, when unzipped, installs the malicious extension.

The installation process bypasses the browser’s security features, says Bitdefender. Users are tricked into enabling Developer Mode and manually loading the extension into their browser.

Once installed, the extension gains extensive permissions, allowing it to monitor and modify the user’s online activities.

Bitdefender says that the malware particularly targets Facebook accounts, collecting personal information, business details, and even credit card information tied to Facebook’s ad accounts.

Once installed, the malware starts to harvest Facebook cookies and other sensitive data. It then transmits the stolen information to a server controlled by the attackers. This data could lead to financial losses for individuals and businesses whose Facebook accounts are targeted.

To protect against this type of attack, Bitdefender suggests that users should avoid installing extensions from unofficial sources, especially those promoted through ads on social media.

Always update extensions through trusted sources like the Chrome Web Store, and carefully review the permissions requested by any extension. Users should also be cautious about any ad that creates a sense of urgency or asks for immediate action.