A new malware strain named Rilide targets Chromium-based web browsers by masquerading as a Google Drive extension in order to steal cryptocurrency and sensitive data. Rilide can monitor browsing history, take screenshots, inject malicious scripts to withdraw funds, and display fake dialog boxes that trick users into entering their two-factor authentication codes. Trustwave's investigation traced two campaigns that installed the Rilide browser extension using Ekipa RAT and Aurora Stealer, distributed through booby-trapped Microsoft Publisher files and rogue Google Ads, respectively. While the exact origins of Rilide remain unclear, a portion of its source code has surfaced on underground forums following a payment dispute. Trustwave notes that the upcoming enforcement of Manifest V3 may make this kind of abuse harder for threat actors, but most of Rilide's functionality will still be achievable under it.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA: www.infrascan.net
Source: Trustwave SpiderLabs Research