
Bitwarden users raise alarm over 'highly convincing' Google malvertising risks

The volume of fake ads impersonating popular software has increased significantly in recent months

Bitwarden customers have raised concerns that malicious Google ads were being used to target users with malware-laden websites and dupe them into divulging login details.  

Rumblings of fake Bitwarden ads first emerged on the company’s official forum earlier this week, with one user revealing they had encountered a malicious website promoted on the search engine.  

The site attempted to impersonate the official Web Vault login feature for the password manager.  

Prashant Gonga, the user who first highlighted the issue, said they had reported the ad to the domain's registrar and called on the Bitwarden compliance team to investigate.  

“The phishing page is very similar to the vault login page, along with an SSL certificate and similar-sounding domain name to make it look legit,” they said.  

“I hope Bitwarden can take down this domain before someone gets their account compromised.” 

Image: the fake Bitwarden site shown alongside the legitimate login page. Caption: The fake and legitimate Bitwarden pages were virtually indistinguishable.

Users on the Bitwarden subreddit also flagged the issue in two separate posts, with some noting that the fake and legitimate websites were virtually indistinguishable. 

“God damn. In situations like this, how can I detect the fake one? This is truly scary,” one post on the subreddit said.  

Another post issued a warning to users and advised them to report the malicious link to Google. 

The fake website highlighted by users appears to have been taken down at the time of writing, but it follows similar instances of threat actors using malicious ads to target password manager customers.  

Just this week, security researchers discovered that Google results for another popular password manager, 1Password, were showing malicious ads. The issue prompted the company to issue a warning to users via social media urging them to remain vigilant and avoid clicking dubious links.  

“It’s come to our attention that some websites are posing as 1Password,” the company said. “Remember to act cautiously when clicking links and sharing credentials or personal information online. Ensure that any link directs you to our website.” 

Growing malvertising risks 

The issue of malvertising, whereby malicious software or links are disguised as legitimate ads, has been thrust firmly into the spotlight in recent weeks.  

Earlier this month, cryptocurrency influencer 'NFT God' revealed on Twitter that they had been tricked into downloading malware through a malicious link purporting to offer the streaming software OBS.  

After attempting to download the software from the malicious site, the victim's Substack and Twitter accounts were hijacked and their NFT wallet was stolen.  

The scale of this issue was further highlighted by security researcher, Will Dormann, who revealed that the fake OBS promotion was just one of a number of malicious ads present on Google at the time. 

Security experts at the time questioned why Google could not screen the links in paid advertisements through VirusTotal, the malware-scanning platform the tech giant owns.

Asked about its plans to address the persistent issue and about running ad links through VirusTotal, Google declined to comment to IT Pro.


Since the OBS malvertising case was raised, Dormann has continued to highlight similar campaigns affecting numerous other popular applications used by consumers and businesses alike.

Research from HP Wolf Security Threat Research Team found that malvertising campaigns have consistently grown in both volume and sophistication. Popular software such as Audacity, Microsoft Teams, Discord, and Adobe Creative Cloud have all been mimicked in recent months to dupe users.

David Emm, Principal Security Researcher at Kaspersky urged web users to be cautious when looking at search results amidst the rising issue of malvertising. 

“Those using the web to search for products and services should educate themselves about the potential dangers of clicking on random links,” he said. 

“In particular, they should be cautious when looking at search results and avoid blindly clicking on links without checking first. It’s not always easy to tell legitimate from fake ads.

“That’s why it’s important not to click blind on popup ads. It’s much better to type in the address of the vendor yourself – to avoid being redirected to a fake site – and look there for the offers they have.”
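The advice above, and 1Password's "ensure that any link directs you to our website", comes down to one check: is the host you are about to land on actually under the vendor's domain? The forum report earlier in the piece shows why a padlock is not enough, since the phishing site had a valid certificate and a similar-sounding name. The following is an added example, not code from the original article or from Bitwarden or 1Password, showing that check in Python. The allowlist of trusted domains and every sample URL are constructed for illustration; the two-label "registrable domain" helper is a deliberate simplification that does not handle public suffixes such as `.co.uk`, for which a real deployment would use a public-suffix library.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the registrable domains the vendor
# genuinely uses. Assumption for illustration; confirm against the vendor's docs.
TRUSTED_DOMAINS = {"bitwarden.com", "1password.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host, e.g. 'vault.bitwarden.com' -> 'bitwarden.com'.

    Simplified on purpose: no public-suffix list, so hosts under suffixes like
    'co.uk' would be mis-split. Use a PSL library in production.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (is_trusted, reason) for a URL the user is about to click.

    Catches the tricks a lookalike phishing page relies on: a similar-sounding
    registrable domain, the real domain used as a subdomain of an attacker host,
    userinfo before '@' that displays as the real host, punycode homographs,
    and plain-http links that a real vault login would never use.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, "unparseable URL: %s" % exc

    if parts.scheme != "https":
        return False, "scheme is %r, not https" % (parts.scheme or "missing")

    host = parts.hostname  # lowercased by urlsplit; userinfo and port stripped
    if not host:
        return False, "no host in URL"

    # 'https://vault.bitwarden.com@evil.example/' shows the vendor name first,
    # but the browser connects to evil.example.
    if parts.username is not None:
        return False, "URL carries userinfo before '@'; the real host is " + host

    # Internationalised labels arrive as 'xn--...' and can render as lookalikes.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label (possible homograph) in host " + host

    dom = registrable_domain(host)
    if dom in trusted:
        return True, "host %s is under trusted domain %s" % (host, dom)
    return False, "host %s is NOT under a trusted domain (registrable domain: %s)" % (host, dom)


# Constructed sample links mirroring the patterns described in the article.
SAMPLE_LINKS = [
    "https://vault.bitwarden.com/#/login",            # genuine
    "https://bitwarden-vault.com/login",              # similar-sounding domain
    "https://vault.bitwarden.com.evil.example/",      # real name as a subdomain
    "https://vault.bitwarden.com@evil.example/",      # userinfo trick
    "http://vault.bitwarden.com/",                    # downgraded scheme
    "https://xn--bitwarden-example.com/",             # constructed punycode label
]


def triage(links=SAMPLE_LINKS):
    """Classify each link and return {url: is_trusted}."""
    return {url: classify_link(url)[0] for url in links}


if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        ok, why = classify_link(url)
        print("%-7s %s  (%s)" % ("TRUST" if ok else "REJECT", url, why))
```

Only the first sample passes; every other one is rejected with a reason that names the host the browser would actually contact, which is the fact a similar-sounding domain with a valid certificate is designed to hide.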
