Hackers are once again targeting Chromium-based browsers such as Google Chrome and Microsoft Edge, this time with a malware strain designed to siphon sensitive user data.
Security researchers at Trustwave SpiderLabs have dubbed the malware Rilide. As explained in a new report, it can perform a wide range of malicious activities, including monitoring browsing history, taking screenshots, and stealing cryptocurrency using scripts injected into websites.
Although the Rilide malware was spread through a fake Google Drive browser extension, the cybersecurity firm also detected another campaign that abused Google Ads and the Aurora stealer to load the extension using a Rust-based loader, as reported separately.
This may indicate that its creators are selling Rilide to other cybercriminals under a malware-as-a-service business model, with those buyers then using it in their own attacks; Trustwave found a post on a hacking forum in March of last year advertising a bot with similar capabilities.
Either way, Rilide is definitely a malware strain to look out for, especially because it is capable of intercepting two-factor authentication (2FA) codes and taking over both email and cryptocurrency accounts.
Chromium-based browser theft
The loader used by Rilide modifies the browser shortcut files of Chrome or Edge so that the malicious browser extension it drops on an infected system is loaded automatically.
From there, a script runs that monitors when the infected user switches tabs, when content is received from the web, or when a webpage finishes loading. At the same time, it checks whether the website the user is visiting matches a list of targets held on a command-and-control (C2) server operated by the hackers behind the campaign.
When a site matches, the malicious extension loads additional scripts that are injected into the webpage to steal sensitive information from victims, including cryptocurrency data, their email account credentials, and more.
The extension dropped by Rilide can disable a security feature called Content Security Policy (CSP), which is used to protect against cross-site scripting (XSS) attacks. This allows it to load external resources that the browser would normally block.
One thing Rilide is particularly good at is cryptocurrency theft. It does this by using fake dialogs to trick victims into entering their temporary 2FA codes; this mechanism is activated as soon as the victim attempts to withdraw cryptocurrency from an exchange.
Surprisingly, the Rilide malware can also replace email confirmations in the victim’s inbox if they access their email in the same browser, which people often do.
How to stay safe from malicious browser extensions
In its report, Trustwave SpiderLabs notes that when Google begins enforcing Manifest V3, it may become more difficult for hackers to use malicious extensions in their attacks. However, it won’t completely solve the problem, since “most of the functionality that Rilide takes advantage of will still be available”.
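As an added defender-side illustration (not code from Trustwave's report or from Tom's Guide), the Python script below audits the manifests of locally installed Chromium extensions for the capabilities the text describes: response-header rewriting (which is what stripping a Content Security Policy header requires, in both Manifest V2 and V3), broad host access for injecting scripts into every site, and tab monitoring. The permission groupings, the findings wording and the sample manifest are assumptions constructed for this example.

```python
import json
from pathlib import Path

# Capabilities an extension needs for the behaviours described in the article.
# webRequestBlocking (Manifest V2) and declarativeNetRequest (Manifest V3) both let
# an extension rewrite response headers, which is how a CSP header gets removed.
HEADER_REWRITE = {"webRequestBlocking", "declarativeNetRequest",
                  "declarativeNetRequestWithHostAccess"}
TAB_OBSERVE = {"tabs", "webNavigation"}          # needed to watch tab switches/URLs
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one extension manifest (empty list = nothing notable)."""
    findings = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions".
    hosts = set(manifest.get("host_permissions", [])) | {p for p in perms if "://" in p or p == "<all_urls>"}
    if manifest.get("manifest_version", 2) < 3:
        findings.append("manifest v2: blocking webRequest header rewrites still allowed")
    if perms & HEADER_REWRITE:
        findings.append(f"can rewrite response headers (e.g. drop CSP): {sorted(perms & HEADER_REWRITE)}")
    if hosts & BROAD_HOSTS:
        findings.append("broad host access: can read and inject into every site")
    if perms & TAB_OBSERVE:
        findings.append(f"can observe tab activity and URLs: {sorted(perms & TAB_OBSERVE)}")
    if any(set(cs.get("matches", [])) & BROAD_HOSTS for cs in manifest.get("content_scripts", [])):
        findings.append("content script injected into all pages")
    return findings


def scan_extensions_dir(extensions_dir: Path) -> dict[str, list[str]]:
    """Audit every manifest.json below a profile's Extensions folder, e.g. on Windows
    %LOCALAPPDATA%/Google/Chrome/User Data/Default/Extensions (path is an assumption)."""
    report = {}
    for manifest_path in extensions_dir.rglob("manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue                                  # unreadable or not JSON: skip
        findings = audit_manifest(manifest)
        if findings:
            report[f"{manifest.get('name', '?')} ({manifest_path.parent})"] = findings
    return report


# Constructed sample: a fake "Drive" extension requesting all of the capabilities above.
SAMPLE_MANIFEST = {
    "manifest_version": 2,
    "name": "Google Drive Helper",
    "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("-", finding)
```

Run `scan_extensions_dir(Path(...))` against a real profile's Extensions folder to list installed extensions that request these capabilities; a legitimate extension may need some of them, so treat the output as a review list rather than a verdict.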
When it comes to protecting yourself from malicious browser extensions, the best antivirus software can help prevent you from being infected with malware or having your data stolen. Similarly, the best identity theft protection services can help you recover funds stolen by hackers and restore your identity if it is stolen.
When installing new browser extensions, only use trusted sources such as the Chrome Web Store or the Microsoft Edge Add-ons Store. It is also worth limiting the number of extensions installed in your browser, in the same way that you would avoid installing unnecessary applications on your smartphone.
Given the sophistication of the Rilide malware and the malicious browser extension it uses, this likely won’t be the last time we hear of it being used by hackers in their attacks.
More Tom’s guide