gerpapa.blogg.se

Teamviewer through browser







Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges.

Rilide is not the first malware SpiderLabs has observed using malicious browser extensions. Where this malware differs is it has the effective and rarely used ability to utilize forged dialogs to deceive users into revealing their two-factor authentication (2FA) and then withdraw cryptocurrencies in the background.

During our investigation into Rilide’s origins, we uncovered similar browser extensions being advertised for sale. Additionally, we found that part of its source code was recently leaked on an underground forum due to a payment dispute.

Infection Chains Leading to the Execution of the Rilide Extension

SpiderLabs uncovered two malicious campaigns leading to the installation of the Rilide extension.

Figure 1. Malicious Campaigns Leading to Rilide Stealer Extension

Campaign 1: Ekipa RAT Installing Rilide Stealer

One of the Rilide samples identified by Trustwave SpiderLabs was distributed through a malicious Microsoft Publisher file.








