A phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, prompting recipients to download a malicious desktop application. The downloaded software installs a remote management tool called Syncro, enabling threat actors to remotely access users' computers and potentially steal sensitive information. LastPass has clarified that these claims are false and users should verify security alerts through official channels.