Cryptocurrency-stealing malware Rilide identified

Cybersecurity researchers reported the discovery of a new malware named Rilide that targets Chromium-based web browsers, gathers sensitive data, and steals cryptocurrency, according to The Hacker News. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges," said experts at Trustwave SpiderLabs Research. According to Trustwave, two campaigns, one using Ekipa RAT and one using Aurora Stealer, have been identified as deploying the malicious browser extension. In both attack chains, a Rust-based loader modifies the browser's LNK shortcut file to add the "--load-extension" command-line switch, so the add-on is loaded each time the browser starts from that shortcut. The malware reportedly can generate forged dialogs to trick users into entering a two-factor authentication code when withdrawing digital assets. "The Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose," researchers said.
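As an added defensive example, not code from the article or from Trustwave, this PowerShell script checks common shortcut locations for Chromium-browser .lnk files whose arguments carry the --load-extension switch described above; the directory list and browser executable names are assumptions to adjust per environment.

```powershell
# Added example (not from the SC Media article or Trustwave's research):
# report Chromium-browser shortcuts whose arguments include --load-extension,
# the shortcut-tampering persistence described above.
# Shortcut directories and browser names below are assumptions.

$ShortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "$env:PUBLIC\Desktop",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)
# Chromium-based browser executables to inspect (assumed list).
$Browsers = 'chrome.exe', 'msedge.exe', 'brave.exe', 'opera.exe', 'vivaldi.exe'

# WScript.Shell resolves a .lnk into its target path and argument string.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($dir in $ShortcutDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $exe = [IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        # Flag only browser shortcuts that side-load an extension from disk.
        if ($Browsers -contains $exe -and $lnk.Arguments -match '--load-extension') {
            [PSCustomObject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments   # contains the extension directory
                Modified  = $_.LastWriteTime # recent change on a stable host is suspicious
            }
        }
    }
}

if ($findings) {
    Write-Warning 'Browser shortcuts that load an extension via --load-extension:'
    $findings | Format-List
} else {
    Write-Output 'No browser shortcuts with --load-extension found.'
}
```

Developers side-loading unpacked extensions will also match, so triage the directory named in Arguments and the shortcut's modification time rather than alerting on the switch alone.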