Bitwarden Mac malvertising campaign (11-22-2025)
- Description: Malicious Google Search ad for Bitwarden targeting Mac users
- Severity: Medium
- Reporter: Jérôme Segura
- Reported to Google: 11/22/2025
Google Search Ad
Traffic view
Decoy page
Malicious script
IOCs
| Type | Indicator |
| --- | --- |
| Fake Bitwarden page | hxxps[://]sites[.]google[.]com/novapulsezone[.]com/76858-8654352/01-22-25 |
| Fake Bitwarden page | hxxps[://]bitdhrj-1jykk[.]vercel[.]app/ |
| Malicious script | hxxps[://]gutando[.]com/wallet |
| Payload URL | hxxps[://]gutando[.]com/crypto/update |
| Payload SHA256 | 360666cbda4836823af5e72418d1d5d5cfa0b3b048ab5a09b4fc20909e056d0e |
