Researchers flag information-stealing malware disguised as Bitwarden
Security researchers at cybersecurity firm Proofpoint have uncovered a new strain of malware designed to steal valuable information from unsuspecting Windows users. The malware which has been dubbed ZenRAT was being distributed through a fake website resembling the legitimate Bitwarden website.
Additionally, the hackers used bitwariden(.)com as the domain name to avoid raising suspicion. Read the name again in case you didn’t notice what’s wrong with it.
The researchers have said that the malware appears to target Windows users exclusively. When Linux and Mac users attempted to download Bitwarden from the malicious site, they were redirected to the official Bitwarden download page
Once deployed successfully on a victims computer, the malware covertly gathers a wealth of sensitive information including browser data, login credentials, and details about the infected host. More specifically, the malware collects CPU name, GPU name, OS version, installed RAM, IP address and gateway, installed antivirus software, and a list of installed applications.
This information can easily be used to create a unique digital fingerprint of the compromised system. This digital fingerprint allows the bad actors to pose as legitimate users, potentially gaining unauthorized access to accounts and services with the victim's credentials.
While the researchers have yet to determine precisely how potential victims land on the counterfeit Bitwarden site, past incidents suggest that phishing campaigns utilizing Google ads have been used to target Bitwarden users specifically.
In light of these discoveries, cybersecurity experts and organizations are urging users to exercise extreme caution when downloading software or accessing websites. Always download applications from official and verified sites. You should also regularly update your security software and practicing good online hygiene, such as using strong, unique passwords and enabling two-factor authentication whenever possible.