New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
Apr 04, 2023
Browser Security / Cryptocurrency
Chromium-based web browsers are the target of a new malware called Rilide that masquerades as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency.

"Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges," Trustwave SpiderLabs Research said in a report shared with The Hacker News.

What's more, the stealer malware can display forged dialogs to deceive users into entering a two-factor authentication code to withdraw digital assets.

Trustwave said it identified two different campaigns involving Ekipa RAT and Aurora Stealer that led to the installation of the malicious browser extension. While Ekipa RAT is distributed via booby-trapped Microsoft Publisher files, rogue Google Ads act as the