Bitwarden malvertising campaign (11-11-2025)
- Description:Malicious Google Search ad for Bitwarden
- Severity: Medium
- Reporter: Jérôme Segura
- Reported to Google: 11/11/2025
Google Search Ad
Traffic view
Decoy page
Payload
IOCs
| Cloaking domain | bitward[.]passesmanager[.]com |
| Decoy page | birwarden[.]click |
| Payload URL | genie[.]thecodelab[.]me/bitwarden_installer.exe |
| Payload SHA256 | a4f34954f535cadba717ddd6b7eb75ca575bb40f60cb908155eead4ce8b4d7d5 |