Chrome malware Rilide targets enterprise users via PowerPoint guides


Jasper_The_Rasper
Moderator

August 3, 2023 By Bill Toulas

 

The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal credentials and crypto wallets.

Rilide is a malicious browser extension for Chromium-based browsers, including Chrome, Edge, Brave, and Opera, that Trustwave SpiderLabs initially discovered in April 2023.

When first discovered, the Rilide browser extension impersonated the legitimate Google Drive extensions to hijack the browser, monitor all user activity, and steal information like email account credentials or cryptocurrency assets.

Trustwave SpiderLabs have discovered a new version of Rilide that now supports the Chrome Extension Manifest V3, allowing it to overcome restrictions introduced by Google's new extension specifications and adding additional code obfuscation to evade detection.

Moreover, the latest Rilide malware extension now also targets banking accounts. It can exfiltrate the stolen data via a Telegram channel or by capturing screenshots at pre-determined intervals and sending them to the C2 server.

 

>> Full Article <<
