Rilide Malware Presents Chromium Threat

August 4, 2023

Cybersecurity researchers have discovered a dangerous new malware called Rilide that specifically targets Chromium-based web browsers, presenting a significant threat to users’ sensitive data and cryptocurrency holdings. The malware showcases a higher level of sophistication with its modular design, code obfuscation, and adaptation to the Chrome Extension Manifest V3.

Moreover, it possesses advanced features, such as exfiltrating stolen data to a Telegram channel and capturing screenshots at regular intervals. Trustwave security researcher Pawel Knapczyk reported that the malware was first documented in April 2023 and is being sold on dark web forums by an actor known as “friezer” for a hefty price of $5,000.

Rilide is capable of deploying rogue browser extensions through two different attack chains that utilize Ekipa RAT and Aurora Stealer. These malicious extensions enable data theft and cryptocurrency pilferage, giving the threat actors control over browsing history, cookies, and login credentials, as well as the ability to inject malicious scripts that withdraw funds from cryptocurrency exchanges. The updated version of Rilide adopts the controversial Chrome Extension Manifest V3, which restricts extensions from executing remotely hosted JavaScript code. This restriction resulted in a complete refactor of the malware’s core capabilities: Rilide now employs inline events to execute malicious JavaScript code.

To propagate the malware, Rilide impersonates Palo Alto Networks’ GlobalProtect app, deceiving unsuspecting users into installing the malicious extension in three different campaigns. The attacks are specifically aimed at users in Australia and the U.K., and the threat actors employ vishing tactics to guide potential targets into installing the malware through bogus landing pages that host legitimate AnyDesk remote desktop software. Additionally, Rilide uses a PowerShell loader to modify the browser’s Secure Preferences file, ensuring the extension remains permanently loaded.
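A defender can audit the Secure Preferences file mentioned above for extensions registered outside the Web Store. The following Python sketch is an added example, not code from the article or from Trustwave's report; the key names (`extensions.settings`, `location`, `from_webstore`, `path`) and the location codes are assumptions about Chromium's preferences layout, and the sample data is constructed.

```python
import json

# Assumption: Chromium "location" codes, 4 = unpacked, 8 = loaded via command line.
SIDELOAD_LOCATIONS = {4: "unpacked", 8: "command_line"}

def is_absolute(path):
    """True for a drive-letter, UNC or POSIX absolute path."""
    return path[1:3] == ":\\" or path.startswith(("/", "\\\\"))

def audit_secure_preferences(raw_json):
    """Return findings for extensions that look sideloaded into the profile."""
    prefs = json.loads(raw_json)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        if not isinstance(entry, dict):
            continue
        reasons = []
        location = entry.get("location")
        if location in SIDELOAD_LOCATIONS:
            reasons.append("location=" + SIDELOAD_LOCATIONS[location])
        path = str(entry.get("path", ""))
        # Store-installed extensions use a path relative to the profile's
        # Extensions directory; an absolute path points elsewhere on disk.
        if is_absolute(path):
            reasons.append("absolute_path")
        if not reasons:
            continue
        if entry.get("from_webstore") is False:
            reasons.append("not_from_webstore")  # supporting signal only
        name = (entry.get("manifest") or {}).get("name", "<unknown>")
        findings.append({"id": ext_id, "name": name, "path": path,
                         "reasons": reasons})
    return findings

# Constructed sample: one store-installed entry and one sideloaded entry.
SAMPLE = json.dumps({"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True,
               "path": "a" * 32 + "\\1.0.0_0",
               "manifest": {"name": "Constructed Store Extension"}},
    "b" * 32: {"location": 4, "from_webstore": False,
               "path": "C:\\Users\\example\\AppData\\Local\\Temp\\sample_ext"},
}}})

if __name__ == "__main__":
    for finding in audit_secure_preferences(SAMPLE):
        print(finding)
```

Developer-mode extensions loaded on purpose will also be flagged, so findings need to be compared against an allowlist of expected unpacked extensions.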

Further analysis of the malware’s command-and-control (C2) domain reveals connections to a larger pool of websites associated with the distribution of various other malware strains, including Bumblebee, IcedID, and Phorpiex. Because the malware’s source code was leaked in February 2023, there is also concern that other threat actors may have picked up the development of Rilide.

This discovery highlights the pressing need for vigilant cybersecurity measures and emphasizes the importance of staying updated on the latest security patches and practices to protect against evolving threats like Rilide.

Reference:
  • New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3