Threat actors have used fraudulent Bitwarden security update ads on Facebook to deploy malware in a malvertising campaign that was discovered earlier this month and is mainly targeted at Europe, Hackread reports.
Clicking the ads, which include alerts about compromised passwords, redirects targets to a page spoofing the Chrome Web Store, which prompts the download of the fake update in the guise of a browser extension, according to a Bitdefender report. The extension then seeks permissions to alter network requests and access all sites, cookies, and storage. Installing the extension also triggers a JavaScript file that enables the exfiltration of critical task data and cookies, as well as Facebook personal and business details, IP addresses, and geolocation information, Bitdefender researchers noted. Amid a potential expansion of the campaign, organizations and individuals have been urged to be wary of ads encouraging the installation of security updates, which should instead be obtained from the vendor's official website.
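The permission combination described above can be checked when triaging an unpacked extension's `manifest.json`. The following Python code is an added example, not code from Bitdefender or Hackread; the mapping from the reported behaviours to Chrome permission strings and both sample manifests are assumptions constructed here.

```python
import json

# Assumed mapping from the behaviours named in the report to Chrome manifest
# permission strings; the report itself does not list the exact strings.
CATEGORIES = {
    "alter_network_requests": {"webRequest", "webRequestBlocking",
                               "declarativeNetRequest",
                               "declarativeNetRequestWithHostAccess"},
    "cookies": {"cookies"},
    "storage": {"storage"},
}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Return {category: sorted matched strings} for risky grants in a manifest."""
    declared = set()
    # MV2 mixes API and host permissions in "permissions"; MV3 splits hosts out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts matching every site give the same reach as a host grant.
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))

    findings = {name: sorted(declared & perms) for name, perms in CATEGORIES.items()}
    findings["all_sites"] = sorted(declared & ALL_SITES)
    return {name: hits for name, hits in findings.items() if hits}


def matches_reported_profile(manifest: dict) -> bool:
    """True when every category described in the report is requested at once."""
    return set(audit_manifest(manifest)) == set(CATEGORIES) | {"all_sites"}


# Constructed sample manifests (not taken from the campaign).
SUSPECT = json.loads("""{
  "manifest_version": 3, "name": "Security Update", "version": "1.0",
  "permissions": ["cookies", "storage", "declarativeNetRequest"],
  "host_permissions": ["<all_urls>"]
}""")
BENIGN = json.loads("""{
  "manifest_version": 3, "name": "Notes", "version": "2.1",
  "permissions": ["storage"],
  "host_permissions": ["https://notes.example/*"]
}""")

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(m["name"], audit_manifest(m), matches_reported_profile(m))
```

A match is a triage signal rather than a verdict, since legitimate extensions can request the same grants; weigh it together with where the extension was installed from.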