Malwarebytes researchers have found a more direct way to get at your login credentials by phishing for popular password manager 1Password, as well as using Google sponsored ads to trick people into downloading malware.

As part of this scheme, threat actors behind the Angler exploit kit were using a website to lure users into downloading a piece of software that was pitched as a way to run the 1Password file manager on Microsoft Windows.

The attackers used Google AdWords and sponsored ads that linked out to other sites and drew in victims for this particular campaign. The use of these paid ads could help keep the bad guys' activity under the radar - or at least less obvious. Fear not, though, as Malwarebytes researchers found it anyway.

"This particular campaign was highly targeted, with a combination of high quality landing pages and carefully constructed downloads. The attackers have done an excellent job at trying to hide their activities from being detected," say Malwarebytes. "High quality landing pages are rare - but it is often the case that the best way for this is by making sure that there is no way for users to proceed beyond them."

The researchers say that this campaign was able to use Google AdWords sponsored ads to direct people towards malicious downloads and into installing malware on their machines with the subsequent phishing attempt.

‍

Source: Google sponsored ads malvertising targets password manager - AlienVault - Open Threat Exchange