
Rilide Malware Presents Chromium Threat

August 4, 2023

Cybersecurity researchers have discovered a dangerous new malware called Rilide that specifically targets Chromium-based web browsers, presenting a significant threat to users’ sensitive data and cryptocurrency holdings. The malware showcases a higher level of sophistication with its modular design, code obfuscation, and adaptation to the Chrome Extension Manifest V3.

Moreover, it possesses advanced features, such as exfiltrating stolen data to a Telegram channel and capturing screenshots at regular intervals. Trustwave security researcher Pawel Knapczyk reported that the malware was first documented in April 2023 and is being sold on dark web forums by an actor known as “friezer” for a hefty price of $5,000.

Rilide is capable of deploying rogue browser extensions through two different attack chains that utilize Ekipa RAT and Aurora Stealer. These malicious extensions enable data theft and cryptocurrency pilferage, giving the threat actors control over browsing history, cookies, and login credentials, as well as the ability to inject malicious scripts that withdraw funds from cryptocurrency exchanges. The updated version of Rilide adopts the controversial Chrome Extension Manifest V3, which restricts extensions’ ability to execute remotely hosted JavaScript code. That restriction forced a complete refactor of the malware’s core capabilities: instead of loading remote code, Rilide employs inline events to execute malicious JavaScript code.

To propagate the malware, Rilide impersonates Palo Alto Networks’ GlobalProtect app, deceiving unsuspecting users into installing the malicious extension in three different campaigns. The attacks are specifically aimed at users in Australia and the U.K., and the threat actors employ vishing tactics to guide potential targets into installing the malware through bogus landing pages that host legitimate AnyDesk remote desktop software. Additionally, Rilide uses a PowerShell loader to modify the browser’s Secure Preferences file, ensuring the extension remains permanently loaded.
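For defenders, the Secure Preferences persistence described above can be checked by listing extensions that the browser profile records as not store-installed. The following is an added example, not code from the article or from Trustwave; the key names (`extensions.settings`, `location`, `from_webstore`) and the location codes are assumptions based on Chromium's extension preference format and should be confirmed against the browser version in use.

```python
import json

# Chromium ManifestLocation codes (assumed from Chromium's extension prefs format).
SIDELOADED = {4: "unpacked", 8: "command_line"}
BUILT_IN = {5, 10}  # component / external component, shipped with the browser


def audit_extensions(prefs_text):
    """Return extensions in a Secure Preferences JSON that were not store-installed."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in sorted(settings.items()):
        location = entry.get("location")
        if location in BUILT_IN:
            continue  # browser-bundled extensions are expected to lack a store flag
        reasons = []
        if location in SIDELOADED:
            reasons.append(f"location={location} ({SIDELOADED[location]})")
        if not entry.get("from_webstore", False):
            reasons.append("from_webstore is not true")
        if reasons:
            findings.append({
                "id": ext_id,
                # Sideloaded entries may carry no cached manifest, so the name can be absent.
                "name": entry.get("manifest", {}).get("name", "<no manifest in prefs>"),
                "path": entry.get("path", ""),
                "reasons": reasons,
            })
    return findings


# Constructed sample profile data, not taken from a real infection.
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "a" * 32: {"location": 1, "from_webstore": True, "path": "a" * 32 + "\\1.0_0",
               "manifest": {"name": "Store extension"}},
    "b" * 32: {"location": 5, "from_webstore": False, "path": "resources\\component"},
    "c" * 32: {"location": 4, "from_webstore": False,
               "path": "C:\\Users\\example\\AppData\\Local\\Temp\\ext"},
}}})

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_PREFS):
        print(finding["id"], finding["path"], "; ".join(finding["reasons"]))
```

Developers who use "Load unpacked" produce the same entries, so each finding needs triage against the extension's path and the user's role.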

Further analysis of the malware’s command-and-control (C2) domain reveals connections to a larger pool of websites associated with the distribution of various other malware strains, including Bumblebee, IcedID, and Phorpiex. The potential for other threat actors to have picked up the development efforts of Rilide is also a concern, as the malware’s source code was leaked in February 2023.

This discovery highlights the pressing need for vigilant cybersecurity measures and emphasizes the importance of staying updated on the latest security patches and practices to protect against evolving threats like Rilide.

Source:
  • New Rilide Stealer Version Targets Banking Data and Works Around Google Chrome Manifest V3