New cryptostealer Rilide shamelessly robs users of Chromium browsers

    The principle of the malware is very similar to CryptoClipper, recently discovered by Kaspersky Lab.

    Chromium-based web browsers have fallen victim to a new malware called Rilide. The malware disguises itself as a legitimate Google Drive extension and allows attackers to perform a wide range of malicious activities, including monitoring browsing history, taking screenshots, and most importantly, injecting malicious scripts to steal victim funds from various cryptocurrency exchanges.

    Rilide can also display fake pop-up dialogs to trick users into entering a two-factor authentication code, allowing the attackers to complete the theft of digital assets.

    Trustwave claims to have found two different campaigns, involving Ekipa RAT and Aurora Stealer, that drop the Rilide loader, leading to the installation of a malicious Chromium extension.

    While Ekipa RAT spreads through malicious Microsoft Publisher files, Aurora Stealer's delivery vector has been fraudulent Google Ads advertisements. This method has become increasingly common among attackers in recent months.

    Both attack chains facilitate the execution of the Rust-based Rilide loader, which in turn modifies the browser's shortcut file so that the browser starts with the "--load-extension" launch option and loads the malicious add-on.

    The exact origin of Rilide is unknown, but Trustwave said it was able to find an underground forum post published in March 2022 by an attacker promoting the sale of a botnet with similar features.
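
A defender-side check for the persistence step described above, as an added example that is not from the original article or from Trustwave: it scans command lines (taken from process-creation logs, or from a shortcut's target plus arguments) for Chromium-family browsers started with "--load-extension" and reports extension directories outside an allow-list. The binary list, the allow-list and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed list of Chromium-family binaries; extend it for your environment.
CHROMIUM_BINARIES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
# One token = a run of non-space characters and/or double-quoted segments.
TOKEN_RE = re.compile(r'(?:[^\s"]|"[^"]*")+')

def split_command_line(command_line):
    """Split a Windows-style command line and drop the quoting."""
    return [t.replace('"', "") for t in TOKEN_RE.findall(command_line)]

def normalise(path):
    return path.strip().rstrip("\\/").lower()

def loaded_extension_dirs(tokens):
    """Return every directory passed via --load-extension (comma-separated)."""
    dirs = []
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        # Lenient on prefix and case so trivial variations are still caught.
        if key.lstrip("-/").lower() == "load-extension":
            dirs.extend(p.strip() for p in value.split(",") if p.strip())
    return dirs

def audit(command_lines, allowed_dirs=()):
    """Flag browser launches that side-load an extension from a non-allowed dir."""
    allowed = {normalise(d) for d in allowed_dirs}
    findings = []
    for line in command_lines:
        tokens = split_command_line(line)
        if not tokens:
            continue
        exe = re.split(r"[\\/]", tokens[0])[-1].lower()
        if exe not in CHROMIUM_BINARIES:
            continue
        bad = [d for d in loaded_extension_dirs(tokens) if normalise(d) not in allowed]
        if bad:
            findings.append((line, bad))
    return findings

# Constructed sample records (not taken from the Trustwave report).
SAMPLE = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\alice\AppData\Local\Temp\gdrive ext"',
    r'C:\Tools\msedge.exe "--load-extension=C:\dev\my-ext,C:\ProgramData\upd"',
    r'notepad.exe --load-extension=C:\x',
]

if __name__ == "__main__":
    for line, dirs in audit(SAMPLE, allowed_dirs=[r"C:\dev\my-ext"]):
        print("SUSPICIOUS:", dirs, "<-", line)
```

Developer machines that legitimately side-load unpacked extensions belong in the allow-list; on other endpoints any hit is worth investigating.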

    One of the notable features of Rilide is the ability to replace the copied address of the victim's crypto wallet in the clipboard with the attacker's address from a hard-coded list, just like the CryptoClipper malware recently uncovered by Kaspersky Lab.

    Trustwave specialists were able to track down the C2 server address specified in the Rilide code, and thereby identify various GitHub repositories where the cyberbandits stored loaders used to install the malicious extension. GitHub was made aware of the issue and promptly removed the account.

    “The Rilide cryptostealer is a prime example of the growing sophistication of malicious browser extensions and the dangers they pose. While the upcoming introduction of Manifest v3 may make it harder for attackers to work, it is unlikely to completely solve the problem, since most of the features used by Rilide will still be available,” Trustwave concluded.
    Author DeepWeb