More sophisticated Rilide stealer version emerges

A new, more sophisticated version of the Rilide stealer malware is targeting Chromium-based web browsers. The updated malware can exfiltrate stolen data and cryptocurrency either through interval-based screenshot captures or via a Telegram channel, according to The Hacker News. Trellix researchers reported that the attackers behind Rilide, which was first detailed in April, have updated it to circumvent the restrictions on malicious extension installation introduced by Google's Chrome Extension Manifest V3, and to use inline events to execute malicious JavaScript code. Other threat actors may also have continued developing Rilide after the malware's source code was exposed in February. Three campaigns distributing Rilide have been discovered: the first two used PowerPoint and Twitter lures, while the third, whose initial infection vector remains unknown, used a PowerShell loader to modify the browser's Secure Preferences file, the report said. Further analysis found that Rilide's command-and-control domain was associated with websites distributing the IcedID, Bumblebee, and Phorpiex malware strains.