
Rilide Malware Presents Chromium Threat

August 4, 2023

Cybersecurity researchers have discovered a dangerous new malware called Rilide that specifically targets Chromium-based web browsers, presenting a significant threat to users’ sensitive data and cryptocurrency holdings. The malware showcases a higher level of sophistication with its modular design, code obfuscation, and adaptation to the Chrome Extension Manifest V3.

Moreover, it possesses advanced features, such as exfiltrating stolen data to a Telegram channel and capturing screenshots at regular intervals. Trustwave security researcher Pawel Knapczyk reported that the malware was first documented in April 2023 and is being sold on dark web forums by an actor known as “friezer” for a hefty price of $5,000.

Rilide is capable of deploying rogue browser extensions through two different attack chains that utilize Ekipa RAT and Aurora Stealer. These malicious extensions enable data theft and cryptocurrency pilferage, giving the threat actors control over browsing history, cookies, and login credentials, as well as the ability to inject malicious scripts that withdraw funds from cryptocurrency exchanges.

The updated version of Rilide adopts the controversial Chrome Extension Manifest V3, which restricts extensions' ability to execute remotely hosted JavaScript code and led to a complete refactor of the malware's core capabilities. To work within that restriction, Rilide employs inline events to execute malicious JavaScript code.

To propagate the malware, Rilide impersonates Palo Alto Networks’ GlobalProtect app, deceiving unsuspecting users into installing the malicious extension in three different campaigns. The attacks are specifically aimed at users in Australia and the U.K., and the threat actors employ vishing tactics to guide potential targets into installing the malware through bogus landing pages that host legitimate AnyDesk remote desktop software. Additionally, Rilide uses a PowerShell loader to modify the browser’s Secure Preferences file, ensuring the extension remains permanently loaded.
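Because the persistence step described above lives in the profile's Secure Preferences file, a defender can audit that file for extensions that were not installed from the Web Store. The following is an added example, not code from the article or from Trustwave's research; the field names (`extensions.settings`, `location`, `from_webstore`, `path`) and the numeric location values are assumptions about Chromium's preference layout, and the sample data is constructed.

```python
import json
import ntpath
import posixpath

# Assumption: numeric "location" values follow Chromium's extension install
# location enum (4 = unpacked from disk, 8 = command line, 5 = built-in component).
SIDELOADED = {4: "unpacked", 8: "command_line"}
COMPONENT = 5

# Constructed sample input: the extensions.settings part of a Secure Preferences file.
SAMPLE = json.dumps({"extensions": {"settings": {
    "aaaabbbbccccddddeeeeffffgggghhhh": {
        "location": 1, "from_webstore": True,
        "path": "aaaabbbbccccddddeeeeffffgggghhhh\\1.2.0_0",
        "manifest": {"name": "Store Extension", "manifest_version": 3}},
    "ppppoooonnnnmmmmllllkkkkjjjjiiii": {
        "location": 4, "from_webstore": False,
        "path": "C:\\Users\\Public\\ext",
        "manifest": {"name": "Sideloaded Extension", "manifest_version": 3}},
}}})


def audit_extensions(secure_prefs_text):
    """Return one finding per extension that shows signs of side-loading."""
    prefs = json.loads(secure_prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        if not isinstance(entry, dict) or entry.get("location") == COMPONENT:
            continue  # skip malformed entries and built-in components
        reasons = []
        if entry.get("location") in SIDELOADED:
            reasons.append("location=" + SIDELOADED[entry["location"]])
        if not entry.get("from_webstore", False):
            reasons.append("not_from_webstore")
        path = str(entry.get("path", ""))
        # Store installs use a path relative to the profile's Extensions folder.
        if ntpath.isabs(path) or posixpath.isabs(path):
            reasons.append("absolute_path")
        if reasons:
            manifest = entry.get("manifest") or {}
            findings.append({"id": ext_id, "name": manifest.get("name", "?"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE):
        print(finding)
```

Findings are triage leads rather than verdicts: developer-mode and enterprise-deployed extensions can trip the same checks, so compare results against the organization's approved extension list.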

Further analysis of the malware’s command-and-control (C2) domain reveals connections to a larger pool of websites associated with the distribution of various other malware strains, including Bumblebee, IcedID, and Phorpiex. The potential for other threat actors to have picked up the development efforts of Rilide is also a concern, as the malware’s source code was leaked in February 2023.

This discovery highlights the pressing need for vigilant cybersecurity measures and emphasizes the importance of staying updated on the latest security patches and practices to protect against evolving threats like Rilide.

Reference:
  • New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3
Tags: August 2023, Chromium, Cryptocurrency, Cyber Alert, Cyber Alerts 2023, Cyberattack, Cybersecurity, Malware, Rilide, Sensitive data, Vulnerabilities