This PowerPoint could help hackers empty your bank account

With the constant rise of cybersecurity threats, it is becoming increasingly clear that dangerous malware lurks in every corner. In an ironic twist, malware has now infiltrated PowerPoint presentations disguised as helpful guides for protecting against phishing attacks. However, the true danger lies in the fact that this malware can potentially enable attackers to empty users’ bank accounts.

According to a report by Bleeping Computer, the Rilide Stealer Chrome browser extension has emerged as a prominent threat. Selling for $5,000 to cybercriminals, Rilide is readily available and can be distributed through various means. While Chrome extensions are currently the primary source of the malware, it can affect all Chromium-based browsers, including Google Chrome, Brave, Microsoft Edge, and Opera.

In order to execute the malware, users must first download this extension. Cybercriminals have been devising new methods to deceive unsuspecting individuals into falling for their scams. Recently, Rilide has been found in phishing emails posing as legitimate VPN and firewall products. These deceptive emails discuss potential online threats and offer “guidance” on how to combat them, claiming that the Rilide extension can provide assistance.

Those who believe they are accessing a guide on adding the extension to Chrome are directed to links that lead to the malware. Once the extension is installed, attackers can exploit it to steal login credentials, bank accounts, and cryptocurrencies stored in digital wallets. Rilide utilizes injection scripts and is capable of targeting various crypto wallets, payment providers, banks, and email services.

Screenshot of a phishing PowerPoint presentation.
Bleeping Computer

Rilide also employs typosquatting domains to deceive users. This technique, known as URL hijacking, capitalizes on users’ mistakes when typing website addresses. For instance, a user might erroneously type “Gooogle.com” instead of “Google.com.” If a threat actor claims the mistyped address, the user will be directed to a website that appears to be a legitimate bank or payment service provider. When the user enters their account credentials, their account is susceptible to hijacking.
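As an added illustration (not code from the article or from Bleeping Computer's report), the check below flags hostnames that sit within a small edit distance of a domain you want to protect, the way “Gooogle.com” sits one keystroke from “Google.com.” The protected list, the sample hostnames, and the distance threshold are constructed assumptions; `mybank.example` is a placeholder.

```python
# Added example: flag lookalike (typosquatted) hostnames by edit distance.
# PROTECTED and SAMPLE_HOSTS are constructed for illustration only.
PROTECTED = ("google.com", "mybank.example")
SAMPLE_HOSTS = ["www.google.com", "Gooogle.com", "goolge.com",
                "mybnak.example", "mail.google.com", "wikipedia.org"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "goolge" vs "google".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(host):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host, protected=PROTECTED, max_distance=2):
    """Return (verdict, nearest protected domain or None, distance)."""
    name = normalise(host)
    for p in protected:
        # The protected domain itself, or one of its subdomains.
        if name == p or name.endswith("." + p):
            return ("legitimate", p, 0)
    best = min(protected, key=lambda p: osa_distance(name, p))
    dist = osa_distance(name, best)
    if dist <= max_distance:
        return ("lookalike", best, dist)
    return ("unrelated", None, dist)

def scan(hosts):
    """Return only the hosts that look like typos of a protected domain."""
    return [(h, *classify(h)[1:]) for h in hosts if classify(h)[0] == "lookalike"]

if __name__ == "__main__":
    for host, target, dist in scan(SAMPLE_HOSTS):
        print(f"{host}: {dist} edit(s) from {target}")
```

Run over proxy or DNS logs, a check like this surfaces visits to near-miss domains; it compares whole hostnames and does not handle lookalike characters from other alphabets.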

Researchers have identified over 1,500 such domains, some of which have been boosted in search engine rankings through SEO poisoning. Additionally, scammers have taken to Twitter to promote the extension.

One particularly intriguing aspect of Rilide is its ability to bypass the Chrome Extension Manifest V3. This set of restrictions was designed to protect users from downloading malicious extensions. However, Rilide has managed to evade these defenses.

As far as malware goes, Rilide is a major cause for concern. It not only enables hackers to empty users’ bank accounts, but it also poses a multi-faceted threat due to its active development and availability to threat actors. To remain safe, it is crucial to abide by the golden rule: never open links from untrusted sources and avoid downloading browser extensions that do not inspire trust.

Fortunately, it appears that Rilide primarily targets enterprise users and cryptocurrency owners. However, it is still wise to remain vigilant and watch out for any suspicious extensions.
