Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera.
New Rilide Malware
“The Rilide malware masquerades as a legitimate Google Drive extension and allows threat actors to perform a wide range of malicious activities, including tracking browsing history, taking screenshots, and injecting malicious scripts to withdraw money from various cryptocurrency exchanges,” it said. Trustwave SpiderLabs research in a report shared with The Hacker News.
Using forged dialogs, the malware lures unsuspicious users to disclose their two-factor authentication (2FA). The next step is to steal their cryptocurrencies.
This leaked code can swap cryptocurrency wallet addresses from the clipboard with the attacker’s address. Moreover, the C2 address embedded in the Rilide code can identify GitHub repositories belonging to a user named gulantin, which contains the extension’s loader.
When it comes to protecting yourself from malicious browser extensions, the best antivirus software can help prevent you from becoming infected with malware or having your data stolen. Likewise, the best identity theft protection services can help you regain lost funds stolen by hackers and restore your identity if it’s stolen.
Indicators of Compromise
0e31ff6406b03982581246b7dd60f3b96edcf0bd007b31766954df001fd68f69
e049f56198c23d86e9083142bfe80042e21d4b8e
558104b26ccadec3d3eb2925113387a6
0f11aeecbde1f355d26c9d406dad80cb0ae8536aea31fdddaf915d4afd434f3f
b4b918a5898463dad1c7d823e0b3f828bac15aad
0a4f321c903a7fbc59566918c12aca09
Leave A Comment