
Rilide is a fake Google Drive extension for Chromium-based browsers that can steal cryptocurrencies and also intercepts the 2FA code.
Trustwave researchers have discovered a malicious extension for Chromium-based browsers that accesses browsing history, takes screenshots, and steals cryptocurrencies using scripts injected into web pages. Rilide is distributed through two separate campaigns and disguised as an add-on for Google Drive. Fortunately, the malware is detected and blocked by most antivirus programs.
Rilide bypasses two-factor authentication
Trustwave experts have identified two ways in which Rilide is deployed. The first uses a Publisher file containing a macro that downloads the Ekipa RAT and then the Rilide loader. The second uses the Aurora info-stealer (available on infected sites advertised with Google Ads) to download the malware.
The loader installs the fake extension in Chromium-based browsers (Chrome, Edge, Brave, and Opera). Rilide performs an XSS attack and loads external resources. A script running in the background then fetches a list of domains from the C2 (command and control) server. If the user visits one of those domains, the malware injects code into the web pages that allows the attackers to steal credentials and cryptocurrencies.
When the unsuspecting victim withdraws cryptocurrencies, Rilide intercepts the request for the two-factor authentication code, which the cybercriminals then use to complete the transaction. The cryptocurrencies obviously end up in the wrong wallet.
Trustwave says the upcoming Manifest v3 for extensions should limit the risks, but similar security issues will not be completely eliminated.
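For defenders, the behaviours described above (history access, screenshots, script injection, a Google Drive disguise) can be checked against an installed extension's `manifest.json`. The following is an added example, not code from Trustwave or from the malware: the mapping of behaviours to Chrome permission strings, the function name `audit_manifest`, the review threshold and both sample manifests are assumptions made for illustration.

```python
import json

# Assumed mapping from the behaviours the article lists to Chrome permission
# strings; Rilide's actual manifest is not reproduced on this page.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Report which of the article's behaviours this manifest would permit."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", []))               # Manifest v3
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}  # v2 style
    scripts = manifest.get("content_scripts", [])
    for entry in scripts:
        hosts |= set(entry.get("matches", []))
    broad = bool(hosts & BROAD_HOSTS)

    behaviours = []
    if "history" in perms:
        behaviours.append("history access")
    if "activeTab" in perms or "<all_urls>" in hosts:
        behaviours.append("screenshots")        # tabs.captureVisibleTab
    if scripts or "scripting" in perms:
        behaviours.append("script injection")

    claims_drive = "google drive" in manifest.get("name", "").lower()
    return {
        "claims_drive": claims_drive,
        "broad_hosts": broad,
        "behaviours": behaviours,
        # Heuristic threshold chosen for this example, not a vendor rule.
        "review": claims_drive and broad and len(behaviours) >= 2,
    }

# Constructed sample manifests (not taken from any real extension).
SAMPLE_FAKE = json.loads("""{
  "manifest_version": 2, "name": "Google Drive Extension", "version": "1.0",
  "permissions": ["history", "tabs", "webRequest", "<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]
}""")
SAMPLE_BENIGN = json.loads("""{
  "manifest_version": 3, "name": "Drive Shortcut", "version": "2.1",
  "permissions": ["storage"],
  "host_permissions": ["https://drive.google.com/*"]
}""")

if __name__ == "__main__":
    for m in (SAMPLE_FAKE, SAMPLE_BENIGN):
        print(m["name"], audit_manifest(m))
```

A manifest flagged for review is only a prompt to inspect the extension and how it was installed; localized names such as `__MSG_appName__` have to be resolved from the extension's `_locales` folder before the name check is meaningful.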
Source: Trustwave
I would like to thank you for the efforts you have put in penning this blog. I really hope to see the same high-grade blog posts by you in the future as well. In truth, your creative writing abilities have encouraged me to get my own website now 😉