Rilide Malware Targets Chromium Browsers to Steal Your Cash


Rilide Malware Tricks Victims to Reveal 2FA


If you happen to be looking for a browser extension for Google Chrome, Brave, Opera, and Microsoft Edge, make sure to avoid Rilide. Security researchers just discovered that this is a malicious browser extension that monitors browser activity and takes screenshots. It also steals cryptocurrency through the scripts it has injected into web pages. 

It mimics Google Drive extensions so it can hide in plain sight while it is abusing the functionalities of Chrome. 

Trustwave SpiderLabs found two different campaigns that distributed this malware. One used Google Ads and Aurora Stealer. The other used the Ekipa remote access trojan (RAT).

The origin of this malicious program is not yet known. However, the security company reports that it overlaps with similar extensions being sold to cybercriminals.

Not the First

According to Trustwave:

“Rilide is not the first malware SpiderLabs has observed using malicious browser extensions. Where this malware differs is it has the effective and rarely used ability to utilize forged dialogs to deceive users into revealing their two-factor authentication (2FA) and then withdraw cryptocurrencies in the background. During our investigation into Rilide’s origins, we uncovered similar browser extensions being advertised for sale. Additionally, we found that part of its source code was recently leaked on an underground forum due to a payment dispute.”

It activates when you initiate a cryptocurrency withdrawal request on an exchange service that Rilide targets.

Once activated, it will jump in at the right time to inject the script and process your request automatically. A fake dialogue pops up. When you enter the code, the malware uses it to complete your withdrawal to the bad actor’s wallet address. 

You will get a withdrawal request email to trick you into providing your authorization code. 

How to Avoid These Malware Google Extensions? 

You should only install extensions from trusted sources. It means that you must only download them from Chrome Web Store or reputable sources. Do not in any way download extensions from unknown websites. 

It is also pertinent that you check reviews and ratings of the extensions before downloading them. This will ensure that other users have had a positive experience with it. 

No matter how boring the terms and conditions are, make sure to read them. You should also read the permissions carefully when installing extensions. Extensions need some permissions to function, so check what each one asks for before you accept.

Keep your extensions updated to the latest version. Updates include security patches and bug fixes.

If there are extensions that you no longer use, make sure to delete them or uninstall them. This will lower the risk of them being compromised or used maliciously. 
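The permission review advised above can also be run against extensions that are already installed. The following is an added example, not code from the original article or from Trustwave: it reads each extension's `manifest.json` and reports those that combine activity-monitoring or script-injection APIs with access to every site. The watch list and the sample manifest are assumptions made for this example, and the location of the profile's `Extensions` folder varies by browser and operating system.

```python
import json
from pathlib import Path

# API permissions that allow watching browsing activity or injecting scripts.
# This watch list is an assumption of this example, not an official ranking.
WATCHED_APIS = {"tabs", "history", "webNavigation", "webRequest", "scripting", "cookies"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Return the watched APIs and all-site host access a manifest requests."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = set(perms) | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    return {
        "name": manifest.get("name", "?"),
        "apis": sorted(WATCHED_APIS & set(perms)),
        "all_sites": sorted(BROAD_HOSTS & hosts),
    }


def audit_profile(extensions_dir: Path) -> list[dict]:
    """Audit every <extension id>/<version>/manifest.json under an Extensions folder."""
    findings = []
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        result = audit_manifest(manifest)
        # Report only extensions that pair a watched API with all-site access.
        if result["apis"] and result["all_sites"]:
            findings.append({"id": path.parts[-3], **result})
    return findings


# Constructed sample manifest (not taken from any real extension).
SAMPLE = {
    "manifest_version": 3,
    "name": "Drive Helper (constructed sample)",
    "permissions": ["tabs", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A reported extension is not necessarily malicious; the output is a short list of what to review or remove first.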

On the other hand, if you are using a Mac, you may consider Safari. Apple has implemented several security features that can help reduce the risk of malware infections. 

It is vital that you follow safe browsing practices no matter what browser you are using. This includes being cautious when downloading files and avoiding suspicious websites.


Author: Jane Danes

Jane has a lifelong passion for writing. As a blogger, she loves writing breaking technology news and top headlines about gadgets, content marketing and online entrepreneurship and all things about social media. She also has a slight addiction to pizza and coffee.
