Skip to content
Bleeping Computer

LastPass, Bitwarden users targeted with fake security alerts


LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites.

The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review.

LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services.

image

The emails sent from ‘hello@lastpassnewsletter.com’ notify the user of alleged service policy changes in LastPass, including enhanced SaaS monitoring, master password reset options for administrators, and admin console improvements.

Malicious email
Malicious email
Source: BleepingComputer

Clicking on the ‘Review & Access Terms’ button embedded in the email takes users to a website impersonating the DocuSign service widely used for sending, signing, and managing documents electronically.

However, the domain used is lastpasscompliance[.]com, which has been flagged as malicious by Microsoft Defender for Office 365 and Cloudflare.

Fake DocuSign website
Fake DocuSign website
Source: LastPass

Although LastPass could not confirm the goal of the campaign, the company says that the fake site prompts the user to download a file claiming to support both Windows and macOS.

The site offers live support through a chat box, but it is unclear if it is functional. At the time of writing, the malicious website has been taken offline.

BleepingComputer has found that Bitwarden users are targeted by similar emails sent from ‘hello@bitwardennewsletter.com’ and redirecting them to bitwardencompliance[.]com.

Email targeting Bitwarden users
Email targeting Bitwarden users
Source: BleepingComputer

In March, LastPass warned about fake unauthorized account access alerts impersonating the password service, targeting users with fabricated communication threads designed to increase urgency and lead to data exposure.

Earlier, in January, LastPass users were targeted by fake alerts claiming they needed to back up their vaults within 24 hours, allegedly due to upcoming system maintenance.

LastPass has cautioned users that it will never ask users for the master password and asked them to report any suspicious communications to abuse@lastpass.com.

Users who entered credentials on phishing sites are advised to change their master passwords immediately from a trusted device and review their vaults for suspicious activity.

article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper



Source link