Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT.

The malware is distributed to Windows users through websites that imitate the legitimate Bitwarden site and rely on typosquatting to fool potential victims.