BleepingComputer reports that threat actors have been spreading bogus LastPass and Bitwarden breach alerts to facilitate desktop compromise as part of a phishing campaign that has been underway since the weekend.Malicious emails purporting to be cyber incident warnings from LastPass and Bitwarden have sought to lure users into downloading a binary that stealthily installs the Syncro remote monitoring and management tool.Attackers then used Syncro to launch ScreenConnect for additional malware delivery, data theft, and password vault compromise. LastPass has vehemently denied any cybersecurity incident against its systems following the attack campaign."...[T]his is an attempt on the part of a malicious actor to draw attention and generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails," said LastPass.Such a social engineering scheme comes after 1Password users were reported to have been targeted by a phishing campaign that sought master passwords via fake security emails.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds