Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.
LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.
However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Phishing template uses fake fonts to decode content and evade detection
January 3, 2019
Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique for the time being in its use of web fonts to implement the encoding. When the ...
- Charming Kitten Iranian Espionage Campaign Thwarts 2FA
December 17, 2018
The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Kitten. The campaign has been tailored to get around two-factor authentication in order to compromise email ...
- Old-School Bagle Worm Spotted in Modern Spam Campaigns
December 10, 2018
Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagel contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the ...
- GreyEnergy APT Delivers Malware via Phishing Attacks and Multi-Stage Dropper
November 27, 2018
The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto. GreyEnergy attacked and infiltrated the networks of multiple critical infrastructure targets from Eastern Europe, from Poland and Ukraine, with other objectives ...
- Emotet Returns with Thanksgiving Theme and Better Phishing Tricks
November 20, 2018
After a short break, Emotet malware has been observed concealed in documents delivered through emails that pretended to be from financial institutions or disguised as Thanksgiving-themed greetings for employees. In early October, Emotet activity dropped off the radar, only to come back towards the end of the month with a new plugin that exfiltrates email subjects and 16KB ...
- Russia’s Elite Hackers May Have New Phishing Tricks
November 20, 2018
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach. “There’s a lot of ramping ...

