Fake Bitwarden installation packages delivered RAT to Windows users

2023-09-27 08:43

Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan.

A malicious website spoofing Bitwarden's legitimate one has been offering fake installation packages containing the ZenRAT malware.

The spoofed website and the booby-trapped Bitwarden installer was offered for download only to Windows users; Mac and Linux users were shown a different version of the landing page.

"The website instead masquerades as the legitimate website opensource.com, going so far as to clone an article from opensource.com by Scott Nesbitt, about the Bitwarden password manager. Additionally, if Windows users click download links marked for Linux or MacOS on the Downloads page, they are instead redirected to the legitimate Bitwarden site, vault.bitwarden.com," Proofpoint researchers shared.

If the user clicks on the Windows download button, the fake installer gets downloaded on their device.

In the past, fake software installers have been delivered via SEO poisoning, adware bundles, or via email.

News URL

https://www.helpnetsecurity.com/2023/09/27/windows-bitwarden-rat/

#RAT #windows