Latest
New NGO jobs posted daily — browse the latest vacancies NGO Pulse Plus: manage your organisation's profile, ads and funding Funding opportunities updated weekly for South African nonprofits Post a job in minutes — reach thousands of nonprofit professionals Find your next NGO role today — search our job board Advertise your organisation's opportunities to the sector Stay updated with the latest news and funding alerts Connect with NGOs and nonprofits across South Africa New NGO jobs posted daily — browse the latest vacancies NGO Pulse Plus: manage your organisation's profile, ads and funding Funding opportunities updated weekly for South African nonprofits Post a job in minutes — reach thousands of nonprofit professionals Find your next NGO role today — search our job board Advertise your organisation's opportunities to the sector Stay updated with the latest news and funding alerts Connect with NGOs and nonprofits across South Africa
Home / News / Articles / Cryptocurrency-stealing malware targets...

Cryptocurrency-stealing malware targets Chrome, Edge, Opera browsers

11 Apr 2023 · 2 min read · 48,828 views
Cryptocurrency-stealing malware targets Chrome, Edge, Opera browsers

Cybersecurity researchers at Trustwave SpiderLabs Research have discovered a new malware strain targeting Chromium-based web browsers to steal cryptocurrency. Dubbed Rilide, the malware masquerades as a seemingly legitimate Google Drive extension. However, it lets hackers monitor browser history, take screenshots, and inject harmful scripts to siphon cryptocurrency. Chromium-based browsers include Google Chrome, Microsoft Edge, Brave, and Opera. “Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges,” says Trustwave SpiderLabs Research. Rilide can also display false dialogs to persuade users to enter two-factor authentication codes to withdraw cryptocurrency. Trustwave has identified two campaigns involving Ekipa RAT and Aurora Stealer that resulted in Rilide’s installation. Ekipa RAT is spread through malicious Microsoft Publisher files, while Aurora Stealer’s delivery vector is rogue Google Ads. Both infiltrated systems through the execution of a Rust-based loader that alters the Chromium browser’s LNK shortcut file to use the “—load-extension” command line switch to activate the extension. While its origins are unknown, Trustwave said it found a dark web forum post advertising a botnet with similar functionalities in March 2022. “The Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose,” says Trustwave. “While the upcoming enforcement of manifest v3 may make it more challenging for threat actors to operate, it is unlikely to solve the issue entirely as most of the functionalities leveraged by Rilide will still be available.”

📬
Stay in the Loop
Get the latest NGO sector news, jobs and funding opportunities delivered weekly.
Subscribe to Newsletter