Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. The malware is distributed to Windows users through websites that imitate the legitimate Bitwarden site and rely on typosquatting to fool potential victims.
Security researchers at cybersecurity company Proofpoint discovered ZenRAT after receiving a sample of the malware in August from Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes.
Inside the fake Bitwarden installation package, Proofpoint researchers found a malicious .NET executable that is a remote access trojan with info-stealing features they are now tracking as ZenRAT. The malicious website provides the fake Bitwarden package only to Windows users; otherwise, it redirects to a cloned page of an opensource.com article about the password manager.
The researchers don't know how potential victims land on the fake Bitwarden site, but phishing campaigns through Google ads have been used in the past to target Bitwarden users specifically.
The Bitwarden password manager has increased in popularity lately as it is regarded as a better alternative to other products on the market.