Malicious Facebook Ads Target Bitwarden Users With Fake Security Update

Image by Master1305, from Freepik

Malicious Facebook Ads Target Bitwarden Users With Fake Security Update

Reading time: 2 min

There is a new Facebook ad campaign that tricks Bitwarden users into installing malware, collecting personal and business data via fake updates.

In a Rush? Here are the Quick Facts!

  • Malicious ads led users to install a harmful browser extension from a Google Drive link.
  • The malware collects personal and business data, including Facebook account and payment details.
  • The attack uses browser Developer Mode to bypass security checks and install the extension.

Bitdefender Labs has uncovered a new cyber attack targeting users of the popular password manager, Bitwarden.

This malicious campaign, which began on November 3, 2024, uses deceptive Facebook ads to trick users into installing harmful browser extensions. The ads, which appear to be legitimate, urge users to update their Bitwarden extension due to a supposed security issue.

Bitdefender explains that the campaign begins with a fake ad on Facebook, which creates a sense of urgency by using Bitwarden’s branding and alarming language like “Warning: Your Passwords Are at Risk!”

When users click on the ad, they are redirected to a fraudulent website that mimics the official Chrome Web Store.

On this site, users are prompted to download an extension by clicking a link to a Google Drive file. This file contains a zip archive that, when unzipped, installs the malicious extension.

The installation process bypasses the browser’s security features, says Bitdefender. Users are tricked into enabling Developer Mode and manually loading the extension into their browser.

Once installed, the extension gains extensive permissions, allowing it to monitor and modify the user’s online activities.

Bitdefender says that the malware particularly targets Facebook accounts, collecting personal information, business details, and even credit card information tied to Facebook’s ad accounts.

Once installed, the malware starts to harvest Facebook cookies and other sensitive data. It then transmits the stolen information to a server controlled by the attackers. This data could lead to financial losses for individuals and businesses whose Facebook accounts are targeted.

To protect against this type of attack, Bitdefender suggests that users should avoid installing extensions from unofficial sources, especially those promoted through ads on social media.

Always update extensions through trusted sources like the Chrome Web Store, and carefully review the permissions requested by any extension. Users should also be cautious about any ad that creates a sense of urgency or asks for immediate action.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...