Popular password managers like LastPass and 1Password have had a rough time of it for the last year, and open-source competitor Bitwarden has shortly emerged as a perfect different. But with notoriety comes vulnerability: it’s the alternative of safety by means of obscurity. Bitwarden has change into so widespread that it appears like some unscrupulous actors are attempting to make the most of it, and internet hosting Google advertisements for phony, presumably malicious downloads masquerading because the safety software.

After customers on Bitwarden’s firm boards and Reddit began seeing suspicious advertisements (as chronicled by Bleeping Computer), firm representatives have alerted the userbase of the phishing scheme, recommending that folks go on to the Bitwarden download page as an alternative of Googling for it. Those who spot the illegitimate advertisements ought to use Google’s built-in reporting instruments to take away them.

Paying legit promoting networks to unfold pretend data is an indictment of mentioned networks’ lack of moderation. But it’s also nothing new. Earlier this 12 months Google ran ads for AMD Radeon drivers that had been, in reality, sending customers to malware downloads. Google’s deliberately obscure labeling of textual content advertisements, taking the place of the primary search outcomes on just about each main, profitable search time period, doesn’t assist. And Google isn’t the one responsible get together: I’ve personally seen related fakes exhibiting up in high-ranking Microsoft Bing searches, too.

According to person screenshots, the Bitwarden pretend is a convincing one, recreating the password supervisor’s login web page in an almost pixel-perfect trend. The solely method to spot the pretend was by realizing the real URL and evaluating it to the phony (“bitwardenlogin.com”, on this case). Signing into this pretend web page would give its homeowners the complete login data to your password supervisor—a doubtlessly disastrous final result. Since Bitwarden is turning into a preferred software, and a frequent suggestion for much less technically-savvy customers, it’s disheartening that Google seems to be placing the burden of policing its personal promoting community on the backs of normal web surfers.