A recently demonstrated attack method can trick password manager browser extensions (including 1Password, Bitwarden, LastPass, and others) into revealing logins, credit card information, or 2FA codes.
No real-world attacks reported yet—but millions of users could be at risk.
- Update your extensions
- Be cautious with autofill
- Consider hardware security keys such as YubiKey, Google Titan, or Feitian
To learn more, check out New Clickjacking Method Targets Password Managers, Including 1Password Manager Catch of the Week.
If you suspect a compromise, contact: security@usc.edu or 213-740-5555 (ITS 24/7 Support)
USC Office of Cybersecurity
For more information about this and other security topics, please visit the TrojanSecure website.
Catch of the Week | Event Recordings | Contact USC Office of Cybersecurity