Feeds.4Sysops
Phishing Campaign Targets LastPass and Bitwarden Users with Fake Alerts
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A phishing campaign is targeting LastPass and Bitwarden users through fraudulent emails that mimic legitimate security notifications. These emails, sent from spoofed domains like lastpassnewsletter.com, claim to inform users of changes to security policies and prompt them to click on links leading to malicious websites. The fake sites impersonate DocuSign and aim to trick users into downloading harmful files. LastPass confirmed that their systems were not compromised, and the phishing emails did not originate from their infrastructure. Users are advised to change their master passwords if they entered credentials on these phishing sites. Similar phishing attempts were reported earlier in the year, indicating a persistent threat to users of these services. The malicious websites have since been taken offline, but the campaign remains a significant concern.
Key Points: • Phishing emails impersonate LastPass and Bitwarden, using spoofed domains. • Users are directed to malicious sites mimicking DocuSign to download harmful files. • LastPass confirms no compromise of their systems; users advised to change passwords.