A phishing campaign is impersonating LastPass and Bitwarden with phony breach notifications, BleepingComputer reports.
“An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager,” BleepingComputer writes.
“The messages direct recipients to download a binary that BleepingComputer has discovered installs Syncro, a remote monitoring and management (RMM) tool used by managed service providers (MSP) to streamline IT operations. The threat actors are using the Syncro MSP program to deploy the ScreenConnect remote support and access software.”
BleepingComputer adds, “Once ScreenConnect is installed on a device, the threat actors can remotely connect to a target’s computer and deploy further malware payloads, steal data, and potentially access the password vaults of users through saved credentials.”
Syncro has since taken action to shut down the malicious installations. LastPass also issued an advisory on the campaign, stressing that the emails are fake and the company has not been hacked.
LastPass stated, “Please remember that no one at LastPass will ever ask for your master password. Rest assured, we are working to have this domain taken down as soon as possible and at the time of publication, Cloudflare has posted warning pages in front of the site advising visitors that these sites are phishing pages. Please take the appropriate precautions and, as always, if you are ever unsure whether a LastPass-branded email is legitimate, please submit it to abuse@lastpass.com.”
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can recognize social engineering tactics. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
BleepingComputer has the story.
