Topic: Facebook Ads
By Don Trauger – Kennett
You probably know that you shouldn’t trust everything you see on the Internet, and that includes
Facebook. Remember that this advice extends to the advertising as well.
Ads on Facebook have been used by hackers to spread fake Bitwarden password manager
extensions for Chrome, which are infected with dangerous phishing tools.
That’s according to Bitdefender, a reputable anti-virus company, which details its investigation
in a new blog post. According to the researchers, ads on Facebook pretended to offer Bitwarden,
one of the most popular password managers on the market. The advertising indicates, falsely,
that the viewer is “using an outdated version of Bitwarden” and that they must update it now to
stay protected from “cyber threats.”
The ad was detected on November 3, 2024, and specifically targeted users in Europe.
Once users click on the ad, they’re redirected to a phony page that imitates the Chrome Web
Store and the legitimate Bitwarden extension download page. But instead of the rather smooth
process for installing officially supported Chrome extensions, they’re sent to a Google Drive
page with a ZIP file to download. The page then guides the user through installing the fake
Bitwarden in Chrome’s Developer Mode, an elevated privilege state that’s similar to an admin
account in Windows. The user is then instructed to load up the fake extension manually.
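Because the fake extension has to be loaded manually in Developer Mode, it leaves a trace in the Chrome profile. The following check is an added example, not taken from Bitdefender's post; it assumes Chrome's profile preferences JSON layout (extensions.settings, with location value 4 meaning "loaded unpacked"), and the sample data is constructed.

```python
import json
import sys

# Assumption: Chrome records how each extension was installed in the profile's
# "Preferences" / "Secure Preferences" JSON under extensions.settings.<id>,
# and location 4 means "loaded unpacked" (the Developer Mode path).
UNPACKED = 4

# Constructed sample profile data: one store install, one unpacked load.
SAMPLE_PREFS = json.dumps({
    "extensions": {"settings": {
        "a" * 32: {"location": 1, "from_webstore": True,
                   "manifest": {"name": "Password manager (store install)"}},
        "b" * 32: {"location": UNPACKED, "from_webstore": False,
                   "path": "C:\\Users\\user\\Downloads\\update"},
    }}
})


def find_unpacked_extensions(prefs_text):
    """Return one record per extension that was loaded unpacked."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        if not isinstance(entry, dict) or entry.get("location") != UNPACKED:
            continue
        manifest = entry.get("manifest") or {}
        findings.append({
            "id": ext_id,
            # Unpacked entries may carry no cached manifest; fall back.
            "name": manifest.get("name", "(name not recorded)"),
            "path": entry.get("path", "(path not recorded)"),
        })
    return findings


if __name__ == "__main__":
    # Pass a copy of a profile's preferences file, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFS
    for hit in find_unpacked_extensions(text):
        print(f"unpacked extension {hit['id']}: {hit['name']} at {hit['path']}")
```

Any hit on a machine whose user is not an extension developer deserves a closer look, especially when the path points into a downloads folder.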
From there, the fake Bitwarden spies on the user’s activity and gathers their cookies, IP address,
and pretty much everything associated with their Facebook account, including user ID and
password, personal info, and payment info. It’s everything the hackers need for identity theft —
and depending on how much activity the user has on Facebook, a possible avenue to more direct
attacks on financial accounts.
Using a legitimate ad network to spread malware is nothing new, nor is imitating security
software to prey on internet users’ fears. From the above information you can observe that a
hacker will go to any length to steal your personal information in ways you never thought
possible.