The Trustwave SpiderLabs Research team found Rilide, a new malware that targets Chromium-based browsers. The malware masquerades as a Google Drive extension and is designed to steal sensitive data and cryptocurrencies from victims. Once infected, the virus may do various harmful operations, such as monitoring browsing history, capturing screenshots, and inserting malicious scripts. Rilide can also display bogus dialogues to deceive the user into inputting a two-factor authentication code.
Trustwave states two Rilide campaigns are active, one involving the Ekipa trojan and the other utilizing the Aurora info stealer. The malware’s origins are unknown. However, the researchers discovered a March 2022 post on a cybercrime site in which a person is offering a botnet with comparable characteristics. Due to a disagreement, some of the malware’s source code was exposed to the web, allowing the researchers to access many GitHub repositories controlled by a person known as “gulantin.” Loaders for malicious extensions may be found in these repositories.
The Rilide malware is concerning since it disguises itself as safe-looking extensions, making it difficult to detect. It is also critical to exercise caution while downloading extensions and only from reputable sites. Users should also maintain their browsers and security software up to date to protect themselves from new attacks.
Trustwave researchers advise users to examine their browser extensions and uninstall any questionable ones. They also advise a system scan using an updated antivirus solution to identify any malware attack. To guard against cyberattacks, being aware and updated about emerging risks is critical.
