Rilide Malware: A Growing Threat to Crypto Exchange Users

Unmasking Rilide: A Dangerous Browser Extension

by Sergio Richi
2 months ago
in Crypto, Cybersecurity

Rilide Malware Threat: New Virus Empties Crypto Exchange Accounts. Source: Logll Tech News


Cybersecurity researchers at Trustwave SpiderLabs have discovered a new strain of malware called Rilide that targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera, stealing users’ cryptocurrencies.

How Rilide Outsmarts Users and Security Measures

Rilide differs from other malware strains that SpiderLabs has encountered in that it employs forged dialogs to deceive users into revealing their two-factor authentication (2FA) codes. This allows the malware to withdraw cryptocurrencies in the background without the user’s knowledge. During the investigation into Rilide’s origins, the researchers found similar browser extensions being advertised for sale and discovered that part of its code was recently released on an underground forum due to a payment dispute.

Infection Chains Leading to the Execution of the Rilide Extension
Source: Trustwave SpiderLabs
The Tactics Behind Rilide’s Malicious Campaigns

The researchers uncovered two malicious campaigns that lead to the installation of the Rilide extension. One such campaign involved a module that contained an encoded blob of data storing the URL for the Rilide loader.

The payload, which was hosted on Discord CDN, was saved to the %temp% directory and executed via the Start-Process PowerShell cmdlet.

Part of Aurora Stealer routine downloading and executing Rilide loader
Source: Trustwave SpiderLabs

Rilide leverages a Rust loader to install the extension if a Chromium-based browser is detected. The loader modifies the shortcut files that open the targeted web browsers, so that the browsers are launched with the --load-extension parameter pointing to the dropped malicious Rilide extension.
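Because the modified shortcuts change how the browser is launched, the behaviour is visible in process-creation telemetry. The following hunt is an added example, not code from Trustwave or from the original article; the event layout, host names and paths are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# Chromium-based browsers named in the article.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
IMAGE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
FLAG = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def loaded_extensions(cmdline):
    """Return the unpacked-extension paths a browser command line loads."""
    m = IMAGE.match(cmdline)
    if not m:
        return []
    image = basename(m.group(1) or m.group(2)).lower()
    if image not in BROWSERS:
        return []
    paths = []
    for f in FLAG.finditer(cmdline):
        value = f.group(1) if f.group(1) is not None else f.group(2)
        # The switch accepts a comma-separated list of directories.
        paths.extend(p for p in value.split(",") if p)
    return paths

def flag_events(events):
    """Return (host, paths) for every event that side-loads an extension."""
    hits = []
    for event in events:
        paths = loaded_extensions(event["cmdline"])
        if paths:
            hits.append((event["host"], paths))
    return hits

# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline":
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"host": "ws-02", "cmdline":
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
     r'--load-extension="C:\Users\alice\AppData\Local\Temp\gdrive ext"'},
    {"host": "ws-03", "cmdline":
     r'C:\Tools\msedge.exe --load-extension=C:\a,C:\b https://example.test'},
    {"host": "ws-04", "cmdline": r'notepad.exe --load-extension=C:\x'},
]

if __name__ == "__main__":
    for host, paths in flag_events(SAMPLE_EVENTS):
        print(host, paths)
```

On endpoints where nobody develops extensions, any hit is worth triage, starting with the directory the switch points to.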

Rilide Stealer extension mimicking Google Drive and looking at its manifest revealing the configured permissions
Source: Trustwave SpiderLabs

The malware’s background script attaches a listener to certain events and removes the Content Security Policy (CSP) directive for all requests, which lets the extension carry out its attack and load external resources that the CSP would otherwise block. Rilide’s crypto exchange scripts support a withdrawal function. While the withdrawals are processed in the background, the user is presented with a forged device authentication dialog to obtain their 2FA code. Email confirmations are replaced on the fly if the user enters their mailbox using the same web browser, tricking the user into providing the authorization code.
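Stripping CSP from every response requires permissions that are visible in an extension's manifest, so installed or unpacked extensions can be audited for that capability. The check below is an added example, not Rilide's manifest or Trustwave's tooling; the sample manifests are constructed, and it goes beyond the article by also covering the Manifest V3 equivalent (declarativeNetRequest with broad host access).

```python
import json

# Host patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def header_rewrite_findings(manifest_text):
    """Return reasons a manifest allows rewriting response headers
    (and therefore dropping Content-Security-Policy) on all sites."""
    manifest = json.loads(manifest_text)
    version = manifest.get("manifest_version")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = {h for h in manifest.get("host_permissions", []) if isinstance(h, str)}
    # MV2 lists host patterns under "permissions", MV3 under "host_permissions".
    broad = sorted((perms | hosts) & BROAD_HOSTS)
    if not broad:
        return []
    findings = []
    if version == 2 and {"webRequest", "webRequestBlocking"} <= perms:
        findings.append(f"MV2 blocking webRequest on {broad}")
    dnr = perms & {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
    if version == 3 and dnr:
        findings.append(f"MV3 {sorted(dnr)[0]} on {broad}")
    return findings

# Constructed manifests for illustration only.
MV2_SAMPLE = json.dumps({
    "manifest_version": 2, "name": "Example Drive Helper", "version": "1.0",
    "permissions": ["webRequest", "webRequestBlocking", "tabs", "<all_urls>"],
})
MV3_SAMPLE = json.dumps({
    "manifest_version": 3, "name": "Example Drive Helper", "version": "1.0",
    "permissions": ["declarativeNetRequest", "scripting"],
    "host_permissions": ["<all_urls>"],
})
NARROW_SAMPLE = json.dumps({
    "manifest_version": 3, "name": "Example Notes", "version": "1.0",
    "permissions": ["storage"],
    "host_permissions": ["https://example.test/*"],
})

if __name__ == "__main__":
    for sample in (MV2_SAMPLE, MV3_SAMPLE, NARROW_SAMPLE):
        print(header_rewrite_findings(sample))
```

A finding means the extension is able to modify headers everywhere, not that it does; the background script or rule files still need review.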

Withdrawal Requests replaced with Authorize New Device (Gmail, Binance)
Source: Trustwave SpiderLabs
Linking Rilide to Underground Forums and Botnets

In the course of their research, SpiderLabs found several stealer extensions for sale with capabilities similar to Rilide, but they were unable to definitively link any of them to the malware. They also discovered a botnet sale advertisement from an underground forum dated March 2022, which included features such as a reverse proxy and ad clicker.

The botnet’s automatic withdrawal function attacked the same exchanges observed in the Rilide samples.

Protecting Yourself Against Rilide and Similar Threats

Rilide serves as a prime example of the developing sophistication of malicious browser extensions and the dangers they pose. Although the upcoming enforcement of manifest v3 may pose more challenges for threat actors to operate, it is rather unlikely to solve the issue completely, as most of the functionalities leveraged by Rilide will still be available.

To protect against such threats, it is essential to remain vigilant when receiving unsolicited emails or messages, and to stay informed about the latest cybersecurity threats and safety practices to minimize the risk of falling victim to phishing attacks.


Sergio Richi
Editor, Logll Tech News

Conclusion: Staying Vigilant and Informed in the Face of Evolving Cyber Threats

The emergence of Rilide malware showcases the ever-evolving sophistication and persistence of cybercriminals targeting cryptocurrency users. As malicious browser extensions like Rilide continue to evolve and exploit vulnerabilities, it is critical for individuals to prioritize cybersecurity and adopt proactive measures to protect their digital assets.

Remaining vigilant when receiving unsolicited emails or messages, as well as staying informed about the latest cybersecurity threats and best practices, are essential steps in minimizing the risk of falling victim to phishing attacks and other malicious activities. By taking a proactive approach to online security, individuals can better defend themselves against the growing threats posed by malware like Rilide and safeguard their valuable digital assets.

Frequently Asked Questions

  • 1. What is the Rilide malware?

    Rilide is a malicious browser extension that targets Chromium-based browsers, stealing users' cryptocurrencies by exploiting vulnerabilities and bypassing two-factor authentication.

  • 2. Which browsers does Rilide affect?

    Rilide targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera.

  • 3. How does Rilide deceive users?

    Rilide employs forged dialogs to trick users into revealing their two-factor authentication (2FA) codes, enabling unauthorized cryptocurrency withdrawals.

  • 4. How is Rilide installed on browsers?

    Rilide leverages a Rust loader to install the malicious extension if a Chromium-based browser is detected, modifying browser shortcut files to launch the extension.

  • 5. What security measures does Rilide bypass?

    Rilide bypasses Content Security Policy (CSP) directives and exploits two-factor authentication, allowing unauthorized access to cryptocurrency exchanges.

  • 6. Can Rilide access my browsing history?

    Yes, Rilide has the ability to monitor browsing history, take screenshots, and inject malicious scripts to steal funds from cryptocurrency exchanges.

  • 7. Is Rilide linked to any botnets?

    While researchers have found similarities between Rilide and some botnets, a definitive link has not been established.

  • 8. How can I protect myself from Rilide?

    Remain vigilant when receiving unsolicited emails or messages, and stay informed about cybersecurity threats and best practices to minimize the risk of falling victim to phishing attacks.

  • 9. Will manifest v3 enforcement stop Rilide?

    Manifest v3 enforcement may pose challenges for threat actors, but it is unlikely to solve the issue entirely as most functionalities leveraged by Rilide will still be available.

  • 10. Are there other similar malware threats?

    Yes, there are other malicious browser extensions with similar capabilities to Rilide, highlighting the importance of staying informed and vigilant in the face of evolving cybersecurity threats.
