In recent years the number and sophistication of cyber attacks, phishing campaigns among them, has kept rising. Criminals continually adapt their tactics and techniques to exploit individuals and organizations, and they aim at the assets that are easiest to turn into money.
A new piece of malware, Rilide, has alarmed the cryptocurrency community because it can automatically drain victims' exchange accounts and walk away with their funds. It is often described as a "crypto virus", but technically it is a malicious browser extension.
Rilide was discovered by researchers at Trustwave SpiderLabs. It targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera, and its goal is to steal users' cryptocurrency. The extension masquerades as a legitimate Google Drive extension, which lets its operators carry out a range of malicious activity: collecting browsing history, capturing screenshots, and initiating withdrawals from several cryptocurrency exchanges.
The Rilide loader rewrites the shortcut files of the affected browsers so that the browser is started with the Chromium --load-extension switch pointing at the extension directory dropped on the system. The malicious extension is therefore loaded on every launch of the browser, without ever going through the Web Store.
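A persistence mechanism of this kind leaves a trace in the shortcut itself: the command-line arguments of the .lnk file gain a switch such as --load-extension. The following script is an added example (not Rilide's loader and not Trustwave's code) that parses Windows shell links per the MS-SHLLINK format and flags any whose arguments contain a Chromium sideloading switch. The extension path in the sample shortcut is invented for the demonstration, and the sample .lnk bytes are constructed with the included builder rather than taken from a real system.

```python
"""Flag Chromium browser shortcuts (.lnk) whose command line sideloads an extension.

Added example for this article. The sample shortcuts below are constructed in code;
the extension directory they reference is hypothetical.
"""
import struct
import sys
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")

# LinkFlags bits from the MS-SHLLINK specification (section 2.1.1).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData sections appear in this fixed order when their flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Chromium switches that make the browser load an unpacked extension from disk.
SIDELOAD_SWITCHES = ("--load-extension", "--disable-extensions-except")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, paths, arguments) of a shell link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    if uuid.UUID(bytes_le=bytes(data[4:20])) != LNK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip the size-prefixed IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # characters, no terminator
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return fields


def sideload_switches(lnk: bytes) -> list[str]:
    """Sideloading switches present in the shortcut's command-line arguments."""
    args = parse_lnk(lnk).get("arguments", "")
    return [sw for sw in SIDELOAD_SWITCHES if sw in args]


def build_lnk(relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Build a minimal Unicode .lnk (no IDList, no LinkInfo) for constructed samples."""
    flags, body = IS_UNICODE, b""
    for flag, text in ((HAS_RELATIVE_PATH, relative_path),
                       (HAS_WORKING_DIR, working_dir),
                       (HAS_ARGUMENTS, arguments)):
        if text:
            flags |= flag
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack("<I", flags)
    header += b"\x00" * (0x4C - len(header))  # attributes, timestamps, etc. zeroed
    return header + body


# Constructed samples: a tampered Chrome shortcut pointing at a hypothetical
# extension folder, and the same shortcut without extra arguments.
SAMPLE_TAMPERED = build_lnk(
    r"..\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\Google\Chrome\Application",
    r'--load-extension="C:\Users\Public\GoogleDriveExt"',
)
SAMPLE_CLEAN = build_lnk(
    r"..\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\Google\Chrome\Application",
    "",
)

if __name__ == "__main__":
    # Usage: python check_lnk.py "%USERPROFILE%\Desktop\*.lnk" ... (paths expanded by the shell)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = sideload_switches(fh.read())
        print(f"{path}: {'SUSPICIOUS ' + ', '.join(hits) if hits else 'ok'}")
```

On a live system the shortcuts worth checking are those on the desktop, in the taskbar pinned folder and under the Start Menu; a clean shortcut for a browser has either no arguments at all or only the few the vendor ships with.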
Rilide's 2FA bypass is also noteworthy: it uses forged dialogs to trick victims into typing in their one-time codes. The mechanism is triggered when the victim requests a cryptocurrency withdrawal from an exchange that Rilide targets.
The extension injects its script into the page in the background at exactly the right moment and takes over the request. Once the user enters the code into the forged dialog, Rilide uses it to complete the withdrawal, but to the threat actor's wallet address instead of the user's.
Similarly, if the user opens their mailbox in the same browser, any withdrawal-confirmation or device-authorization emails from the exchange are rewritten on the fly, so the victim does not see evidence of the fraudulent transaction.
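An extension that can do what is described above (read history, take screenshots, inject scripts into exchange and webmail pages) needs correspondingly broad permissions in its manifest.json, so once the extension directory has been located from a tampered shortcut, the manifest is the first thing to triage. The script below is an added example, not Rilide's manifest or Trustwave's tooling. The permission names are the real Chrome extension API permissions; the mapping from permission to capability is a triage heuristic, and both manifests and the watched URLs are constructed for the demonstration.

```python
"""Triage the manifest.json of an unpacked extension for the capabilities
described in the article. Added example; the manifests below are constructed.
"""
import fnmatch
import json

# Capability -> permissions that would enable it (any one present counts).
# tabs.captureVisibleTab needs activeTab or host access to the page being captured.
CAPABILITY_EVIDENCE = {
    "read browsing history": {"history"},
    "screenshot pages via tabs.captureVisibleTab": {"activeTab", "tabs"},
    "read session cookies": {"cookies"},
    "intercept or rewrite requests": {"webRequest", "webRequestBlocking", "declarativeNetRequest"},
    "inject scripts programmatically": {"scripting"},
}
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def url_matches(pattern: str, url: str) -> bool:
    """Chrome match-pattern semantics: scheme://host/path with '*' wildcards."""
    if pattern == "<all_urls>":
        return True
    p_scheme, _, p_rest = pattern.partition("://")
    p_host, _, p_path = p_rest.partition("/")
    u_scheme, _, u_rest = url.partition("://")
    u_host, _, u_path = u_rest.partition("/")
    if p_scheme == "*":
        if u_scheme not in ("http", "https"):
            return False
    elif p_scheme != u_scheme:
        return False
    if p_host == "*":
        host_ok = True
    elif p_host.startswith("*."):                      # *.example.com also matches example.com
        host_ok = u_host == p_host[2:] or u_host.endswith(p_host[1:])
    else:
        host_ok = u_host == p_host
    return host_ok and fnmatch.fnmatchcase("/" + u_path, "/" + p_path)


def host_patterns(manifest: dict) -> set[str]:
    """Every host pattern claimed: MV3 host_permissions, MV2-style permissions, content_scripts."""
    patterns = set(manifest.get("host_permissions", []))
    patterns |= {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        patterns |= set(cs.get("matches", []))
    return patterns


def content_script_targets(manifest: dict, urls: list[str]) -> list[str]:
    """Which of the given URLs a declared content script would run on."""
    hits = []
    for url in urls:
        for cs in manifest.get("content_scripts", []):
            if any(url_matches(p, url) for p in cs.get("matches", [])):
                hits.append(url)
                break
    return hits


def triage(manifest_json: str, watched_urls: list[str]) -> dict:
    """Summarise what the extension could do on the watched pages."""
    m = json.loads(manifest_json)
    perms = set(m.get("permissions", []))
    return {
        "name": m.get("name"),
        "capabilities": sorted(cap for cap, ev in CAPABILITY_EVIDENCE.items() if perms & ev),
        "broad_host_access": sorted(host_patterns(m) & BROAD_HOST_PATTERNS),
        "content_scripts_on": content_script_targets(m, watched_urls),
    }


# Constructed manifests: a Drive lookalike that requests everything the described
# capabilities would need, and a benign helper scoped to a single origin.
LOOKALIKE_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Google Drive", "version": "1.0",
    "permissions": ["storage", "history", "tabs", "cookies", "webRequest", "scripting"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"], "run_at": "document_start"}],
})
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Drive Helper", "version": "1.0",
    "permissions": ["storage"],
    "host_permissions": ["https://drive.google.com/*"],
    "content_scripts": [{"matches": ["https://drive.google.com/*"], "js": ["content.js"]}],
})
# Constructed pages of interest: an exchange withdrawal page and a webmail inbox.
WATCHED = ["https://exchange.example.com/withdraw", "https://mail.example.com/inbox"]

if __name__ == "__main__":
    for manifest in (LOOKALIKE_MANIFEST, BENIGN_MANIFEST):
        print(json.dumps(triage(manifest, WATCHED), indent=2))
```

The point of the watched-URL check is that a "Google Drive" helper has no business running a content script at document_start on an exchange's withdrawal page or a webmail inbox; that combination, together with history and tabs access, is exactly what the forged-dialog and email-rewriting behaviour requires.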
During their research, SpiderLabs also found an advertisement on an underground forum, dated March 2022, offering a botnet for sale with features such as a reverse proxy and an ad clicker. That botnet's automatic-withdrawal function targeted the same exchanges seen in the Rilide samples, which suggests a connection between the two.
Overall, Rilide illustrates how far malicious browser extensions have come: they increasingly combine real-time surveillance of the victim with automated, unattended theft of funds.
Staying informed about current threats and good practice reduces the chance of falling for the phishing lures that deliver malware like this. Rilide's persistence also suggests two concrete checks: compare the command line of each browser shortcut with the vendor's default (an unexpected --load-extension argument is a red flag), and review the browser's extensions page for extensions loaded from a local folder rather than installed from the Web Store. Finally, a 2FA prompt that appears during a withdrawal you did not expect to be challenged on is a reason to stop and verify the request through another channel before entering any code.