Popular password managers like LastPass and 1Password have had a tough time of it for the last year, and open-source competitor Bitwarden has quickly emerged as an excellent alternative. But with notoriety comes vulnerability: it's the opposite of security through obscurity. Bitwarden has become so popular that it looks like some unscrupulous actors are trying to take advantage of it, and are hosting Google ads for phony, presumably malicious downloads masquerading as the security tool.
After users on Bitwarden's company forums and Reddit started seeing suspicious ads (as chronicled by Bleeping Computer), company representatives alerted the userbase to the phishing scheme, recommending that people go directly to the Bitwarden download page instead of Googling for it. Those who spot the illegitimate ads should use Google's built-in reporting tools to remove them.
Paying legitimate advertising networks to spread fake information is an indictment of said networks' lack of moderation. But it's also nothing new. Earlier this year Google ran ads for AMD Radeon drivers that were, in fact, sending users to malware downloads. Google's intentionally vague labeling of text ads, taking the place of the first search results on virtually every major, profitable search term, doesn't help. And Google isn't the only guilty party: I've personally seen similar fakes showing up in high-ranking Microsoft Bing searches, too.
According to user screenshots, the Bitwarden fake is a convincing one, recreating the password manager's login page in a nearly pixel-perfect fashion. The only way to spot the fake was by knowing the genuine URL and comparing it to the phony ("bitwardenlogin.com", in this case). Signing into this fake page would give its owners the full login information for your password manager, a potentially disastrous outcome. Since Bitwarden is becoming a popular tool, and a frequent recommendation for less technically-savvy users, it's disheartening that Google appears to be putting the burden of policing its own advertising network on the backs of regular web surfers.
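The URL comparison described above can be done mechanically instead of by eye. The sketch below is an added example, not code from Bitwarden or from the article; it assumes bitwarden.com is the genuine domain (the article names only the fake), and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the vendor's genuine domain. The article only names the fake one.
TRUSTED_DOMAINS = {"bitwarden.com"}
BRAND = "bitwarden"


def normalized_host(url: str) -> str:
    """Return the lowercase ASCII hostname of a URL, or '' if it has none."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url  # treat a bare hostname as a web address
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
        # Punycode-encode so the comparison below is on exact ASCII bytes.
        return host.encode("idna").decode("ascii").lower()
    except ValueError:  # malformed URL or label (UnicodeError is a subclass)
        return ""


def classify(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    host = normalized_host(url)
    if not host:
        return "invalid"
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain; a substring match
        # would wrongly accept hosts that merely contain the trusted name.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The brand name appears, but the host is not under a trusted domain.
    if BRAND in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; only bitwardenlogin.com comes from the article.
    samples = [
        "https://bitwardenlogin.com/",
        "https://vault.bitwarden.com/#/login",
        "https://bitwarden.com.example.net/",
        "https://example.org/",
    ]
    for link in samples:
        print(f"{classify(link):10} {link}")
```

The check compares whole DNS labels from the right-hand end of the hostname, which is why a host that merely starts with or contains the trusted name is still reported as a lookalike.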