Popular password managers like LastPass and 1Password have had a difficult time in the last year, and open source competitor Bitwarden has quickly emerged as an ideal alternative. But with notoriety comes vulnerability: it's the opposite of security through obscurity. Bitwarden has become so popular that it seems some unscrupulous actors are trying to take advantage of it by hosting Google ads for fake, presumably malicious downloads, masquerading as the security tool.
After users on Bitwarden and Reddit business forums started seeing suspicious ads (as reported by Computer that plays), company representatives alerted the user base to the phishing scheme, recommending that people go directly to the Bitwarden download page instead of googling it. Those who spot illegitimate ads should use Google's built-in reporting tools to have them removed.
Paying legitimate ad networks to spread false information is an indictment of those networks' lack of moderation. But it's not new either. Earlier this year Google hosted ads for AMD Radeon drivers that in fact sent users to download malware. Google's intentionally vague labeling of text ads, which take over the top search results on virtually every major lucrative search term, doesn't help. And Google isn't the only culprit: I've personally seen similar fakes show up in top-ranked Microsoft Bing searches as well.
According to user screenshots, the Bitwarden fake is convincing, as it recreates the password manager's login page almost pixel-perfect. The only way to spot the fake was to know the genuine URL and compare it to the fake one ("bitwardenlogin.com", in this case). Logging in through this fake page would give its owners the complete login information for your password manager, a potentially disastrous result. With Bitwarden becoming a popular tool and a frequent recommendation for less technically savvy users, it's disheartening that Google seems to be placing the burden of policing its ad network on the shoulders of ordinary Internet surfers.