Hackers are using Facebook ads to spread fake Chrome password managers
You probably know that you shouldn’t trust everything you see on Facebook, perhaps doubly so now that the platform seems to be about 80 percent AI-generated slop. But remember that this advice extends to advertising as well.
Facebook ads have been used by hackers — as recently as this month — to spread fake Bitwarden password manager extensions for Chrome, which are infected with dangerous phishing tools.
That’s according to Bitdefender, which details its investigation in a new blog post (spotted by BleepingComputer). According to the researchers, ads on Facebook pretended to offer Bitwarden, one of the most popular password managers on the market. The advertising indicates, falsely, that the viewer is “using an outdated version of Bitwarden” and that they must update it now to stay protected from “cyber threats.”
I wonder if the people who make these ads are aware of the irony, or just don’t give a hoot. The campaign was detected as active as recently as November 3, 2024, specifically targeting users in Europe.
Once users click on the ad, they’re redirected to a phony page that imitates the Chrome Web Store and the legitimate Bitwarden extension download page. But instead of the rather smooth process for installing officially supported Chrome extensions, they’re sent to a Google Drive page with a ZIP file to download. The page then guides the user through installing the fake Bitwarden in Chrome’s Developer Mode, an elevated privilege state that’s analogous to an admin account in Windows. The user is then instructed to load up the fake extension manually.
From there, the fake Bitwarden spies on the user’s activity and gathers their cookies, IP address, and pretty much everything associated with their Facebook account, including user ID and password, personal info, and payment info. It’s everything the hackers need for identity theft — and depending on how much activity the user has on Facebook, a possible avenue to more direct attacks on financial accounts.
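The manual install described above leaves a trace in the Chrome profile, and the following check looks for it. This is an added example, not code from the article or from Bitdefender's report. It assumes Chromium's profile layout: extension records sit under `extensions.settings` with a numeric `location`, where 4 means loaded unpacked and 8 means loaded from the command line, and developer mode is recorded in `extensions.ui.developer_mode`. The function name, sample data, IDs and paths are all constructed.

```python
import json

# Assumed Chromium ManifestLocation codes that mean "not installed from the
# Web Store": 4 = "Load unpacked" in Developer Mode, 8 = --load-extension.
SIDELOAD_LOCATIONS = {4: "unpacked", 8: "command-line"}

# Constructed sample shaped like a profile's (Secure) Preferences JSON.
# Extension IDs, names and paths are made up for illustration.
SAMPLE_PREFS = json.loads(r"""
{"extensions": {
  "ui": {"developer_mode": true},
  "settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
      "location": 1,
      "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0_0",
      "manifest": {"name": "Store-installed example",
                   "permissions": ["storage"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
      "location": 4,
      "path": "C:\\Users\\example\\Downloads\\update\\extension",
      "manifest": {"name": "Password manager update (constructed)",
                   "permissions": ["cookies", "webRequest"],
                   "host_permissions": ["<all_urls>"]}}
  }}}
""")


def audit_extensions(prefs):
    """Return (developer_mode_enabled, findings) for one profile's prefs dict."""
    ext = prefs.get("extensions", {})
    dev_mode = bool(ext.get("ui", {}).get("developer_mode", False))
    findings = []
    for ext_id, entry in sorted(ext.get("settings", {}).items()):
        how = SIDELOAD_LOCATIONS.get(entry.get("location"))
        if how is None:
            continue  # Web Store, policy or component install: not flagged
        manifest = entry.get("manifest", {})
        perms = (manifest.get("permissions", [])
                 + manifest.get("host_permissions", []))
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "<unknown>"),
            "install": how,
            "path": entry.get("path", ""),  # absolute path for unpacked loads
            "reads_cookies": "cookies" in perms,
        })
    return dev_mode, findings
```

On a machine where nobody develops extensions, any finding here, or developer mode being switched on at all, is worth a closer look.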
Using a legitimate ad network to spread malware is nothing new, nor is imitating security software to prey on internet users’ fears. For the sake of completeness, I’ll point out that Bitdefender is technically a competitor to Bitwarden as both companies offer password manager apps. But Bitdefender’s research has never been less than reliable, even if the company has a vested interest in selling digital protection.
Bitwarden (the real one) is pretty great, too. You can read my review of it here, and just in case you’re wondering, here’s the link to the real Chrome extension.