Phishing campaigns impersonating LastPass and Bitwarden are spreading, tricking users into downloading malware-filled software. The attackers target users with fake breach notifications urging them to update their password managers. Once installed, the malware can steal data and access vaults through saved credentials.
LastPass has issued an advisory stating that the emails are fake and stressing that no one at LastPass will ask for a master password. Syncro, the remote monitoring tool used in the malicious campaign, has been taken down by its developers. Cloudflare is advising visitors to be cautious of the phishing sites.
Source: https://blog.knowbe4.com/phishing-campaign-impersonates-password-managers