  • New cryptostealer Rilide shamelessly robs users of Chromium browsers

    The malware works on a principle very similar to that of CryptoClipper, recently discovered by Kaspersky Lab.

    Chromium-based web browsers have fallen victim to a new malware called Rilide. The malware disguises itself as a legitimate Google Drive extension and allows attackers to perform a wide range of malicious activities, including monitoring browsing history, taking screenshots, and most importantly, injecting malicious scripts to steal victim funds from various cryptocurrency exchanges.

    Rilide can also display fake pop-up dialogs that trick users into entering a two-factor authentication code, which lets the attackers complete the theft of digital assets.

    Trustwave says it found two different campaigns, involving Ekipa RAT and Aurora Stealer, that drop the Rilide loader, leading to the installation of a malicious Chromium extension.

    While Ekipa RAT spreads through malicious Microsoft Publisher files, Aurora Stealer is delivered through fraudulent Google Ads advertisements. This method has become increasingly common among attackers in recent months.

    Both attack chains facilitate the execution of the Rust-based Rilide loader, which in turn modifies the browser's shortcut file and uses the "--load-extension" launch option to load the malicious add-on.

    The exact origin of Rilide is unknown, but Trustwave said it was able to find an underground forum post published in March 2022 by an attacker promoting the sale of a botnet with similar features.

    One of the notable features of Rilide is the ability to replace a crypto wallet address that the victim has copied to the clipboard with an attacker's address from a hard-coded list, just like the CryptoClipper malware recently uncovered by Kaspersky Lab.

    Trustwave specialists were able to track down the C2 server address specified in the Rilide code and thereby identify various GitHub repositories where the attackers stored downloaders used to install the malicious extension. GitHub was made aware of the issue and promptly removed the account.

    “The Rilide cryptostealer is a prime example of the growing sophistication of malicious browser extensions and the dangers they pose. While the upcoming introduction of Manifest v3 may make it harder for attackers to work, it is unlikely to completely solve the problem, since most of the features used by Rilide will still be available,” Trustwave concluded.
    Author DeepWeb
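
Because the loader described above rewrites the browser shortcut to add "--load-extension", every launch from that shortcut carries the switch on the process command line, which endpoint telemetry can be searched for. The following is an added example, not code from Trustwave or from the article: the binary list, the allowlist, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed watch list of Chromium-family executables; extend it for your fleet.
CHROMIUM_BINARIES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
# --load-extension=<dir[,dir...]>, with the value optionally double-quoted.
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# First token of a Windows command line: quoted or bare executable path.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')

def image_name(cmdline):
    """Lower-cased file name of the executable that starts the command line."""
    m = IMAGE_RE.match(cmdline)
    if not m:
        return ""
    return re.split(r'[\\/]', m.group(1) or m.group(2))[-1].lower()

def loaded_extensions(cmdline):
    """Unpacked-extension directories a Chromium browser was told to load."""
    if image_name(cmdline) not in CHROMIUM_BINARIES:
        return []
    paths = []
    for quoted, bare in LOAD_EXT_RE.findall(cmdline):
        paths.extend(p.strip() for p in (quoted or bare).split(",") if p.strip())
    return paths

def triage(events, allowlist=()):
    """Return (host, browser, extension_dir) for every directory not allowlisted."""
    allowed = {a.lower().rstrip("\\/") for a in allowlist}
    findings = []
    for host, cmdline in events:
        for path in loaded_extensions(cmdline):
            if path.lower().rstrip("\\/") not in allowed:
                findings.append((host, image_name(cmdline), path))
    return findings

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'),
    ("ws-02", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\alice\AppData\Local\Temp\gdrive ext"'),
    ("ws-03", r'C:\PROGRA~2\Microsoft\Edge\Application\msedge.exe --load-extension=C:\dev\my-ext,C:\Users\bob\AppData\Roaming\ext2'),
    ("ws-04", r'notepad.exe --load-extension=C:\x'),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, allowlist=[r"C:\dev\my-ext"]):
        print(finding)
```

Developers legitimately use the same switch for unpacked extensions, so the allowlist should hold the known development directories; anything loaded from a user profile or temporary folder deserves a look at the extension's manifest and scripts.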