Researchers at Trustwave SpiderLabs discovered a new strain of malware, Rilide, which covertly drains funds from cryptocurrency wallets. The Trustwave SpiderLabs researchers also point out that Rilide is the latest example of how sophisticated cybercriminals have become at using legitimate applications to hide their malicious activity. The malware could be used for various nefarious purposes, including stealing passwords, financial credentials and other confidential information from its victims.
Furthermore, the malware has been found on both Windows and Mac systems and appears to target individuals with cryptocurrency wallets installed on their computers. In light of this discovery, users should take extra caution when downloading extensions or applications from unknown sources. Verifying that an application or extension is legitimate before installing it onto your machine is important. Users should also regularly monitor their accounts for suspicious activity and consider implementing two-factor authentication where available.
The two researchers concede that Rilide is not the first malware to use malicious browser extensions. Still, they argue that it has an effective and rarely seen ability to deceive users into revealing their 2FA codes and then withdraw cryptocurrency in the background. The researchers also noted that Rilide could harvest login credentials, including usernames and passwords. It can then use those to access computers or networks from a remote location.
Moreover, it can exploit browser vulnerabilities to infect users’ machines with malicious software. As for its other capabilities, Rilide has been observed stealing cryptocurrency wallets by using forged dialogues and bypassing two-factor authentication measures such as Google Authenticator or SMS codes. In addition, it uses in-browser notifications to display fake messages intended to convince victims to make payments.
The article’s authors argue that while steps such as the pending enforcement of Manifest V3 are expected to make life a little more difficult for cybercriminals, this alone may not be enough “to solve the issue entirely” because many of the features that cybercriminals rely on remain available. In response, the researchers put forth several other measures that could be employed to better protect users from malicious extensions.
These measures include restricting access to sensitive APIs for browser extensions, increasing user awareness about the potential dangers posed by malicious extensions, and leveraging artificial intelligence techniques such as anomaly detection to detect suspicious activities originating from illegitimate extensions. Furthermore, they suggest that extension developers adopt advanced security measures such as code signing and sandboxing.
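One concrete form of the "restrict sensitive APIs" and "detect suspicious extensions" measures is an inventory check of what each installed extension asks for. The script below is an added example, not code from Trustwave SpiderLabs or the article: it parses extension manifests (both MV2 and MV3 layouts), flags permissions a credential- or wallet-stealing extension would need, and ranks extensions in a browser profile by a simple risk score. The permission watchlist, the score weights and the sample manifest are all assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Assumed watchlist: APIs that give an extension reach into other sites' sessions,
# network traffic or the clipboard. Not taken from the report; tune to your fleet.
SENSITIVE_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest", "cookies",
    "clipboardRead", "clipboardWrite", "history", "tabs", "scripting",
    "nativeMessaging", "proxy", "debugger", "notifications",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(manifest: dict) -> dict:
    """Return a risk summary for one extension manifest (MV2 or MV3)."""
    perms = set(manifest.get("permissions", []))
    # MV3 keeps host patterns in host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    perms -= hosts
    flagged = sorted(perms & SENSITIVE_PERMISSIONS)
    broad_host = bool(hosts & BROAD_HOSTS)
    # A content script matched on every page is what lets an extension draw
    # forged dialogs or fake notifications over any site the user visits.
    injects_everywhere = any(
        set(cs.get("matches", [])) & BROAD_HOSTS
        for cs in manifest.get("content_scripts", [])
    )
    # Assumed weights: each sensitive API +1, all-site host access +3, global injection +2.
    score = len(flagged) + (3 if broad_host else 0) + (2 if injects_everywhere else 0)
    return {"name": manifest.get("name", "?"), "sensitive_permissions": flagged,
            "broad_host_access": broad_host, "injects_everywhere": injects_everywhere,
            "score": score}


def scan_profile(extensions_dir: Path) -> list:
    """Rank every <profile>/Extensions/<id>/<version>/manifest.json by score."""
    results = []
    for mf in extensions_dir.glob("*/*/manifest.json"):
        with open(mf, encoding="utf-8") as f:
            results.append(assess_manifest(json.load(f)))
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample: a look-alike "wallet helper" requesting what a stealer needs.
SAMPLE_MANIFEST = {
    "name": "Wallet Helper", "manifest_version": 3,
    "permissions": ["storage", "cookies", "webRequest", "clipboardRead", "notifications"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}

if __name__ == "__main__":
    print(json.dumps(assess_manifest(SAMPLE_MANIFEST), indent=2))  # score 9
```

Run `scan_profile(Path("~/.config/google-chrome/Default/Extensions").expanduser())` (or the equivalent profile path on Windows or macOS) to rank a real profile; anything with broad host access plus several flagged APIs deserves a manual look.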
Ultimately, Knapczyk and Cieslak conclude that while “protecting browsers against malicious [extensions] is becoming increasingly difficult” due to their growing complexity, there are still ways in which organizations can mitigate the risk associated with them through careful management practices.
The two researchers warn users about unsolicited emails and urge them to be vigilant and sceptical. They also advise users to stay up to date on cybersecurity news. The researchers further advised users to understand how their personal information is used and shared. They said that strong passwords, two-factor authentication, and regular software updates should all be considered essential for protecting data stored on any device or platform.
Finally, they stressed the importance of backing up data regularly to ensure it can be safely recovered should a cyberattack ever succeed.