Trustwave SpiderLabs Research has issued a warning about a new strain of malware called Rilide that is being used to steal cryptocurrency from Chromium-based browsers like Chrome, Edge, Opera, and Brave. Disguised as a legitimate Google Drive extension, Rilide is a sophisticated type of malware that can monitor browsing history, capture screenshots, and inject malicious scripts to withdraw funds from cryptocurrency exchanges.
Trustwave has identified two campaigns that are spreading the malware. The first campaign uses Ekipa RAT, which is being spread through malicious Microsoft Publisher files, and the second campaign uses Aurora Stealer, which is being spread through rogue Google Ads. Trustwave warns that these campaigns are part of a larger attack by threat actors trying to siphon off cryptocurrency.
In addition to these campaigns, a dark web forum post made in March 2022 promoted a botnet with functionality similar to Rilide's. This should serve as yet another warning to cryptocurrency users, who are increasingly targeted by attackers trying to steal their digital assets.
Cryptocurrency has become a lucrative target for hackers as its value continues to rise. In 2021, the total value of cryptocurrency in circulation exceeded $2 trillion, with Bitcoin – the world’s largest and most popular cryptocurrency – accounting for the vast majority of this. As more and more people start investing in cryptocurrency, cyber attackers are finding new ways to exploit online security systems and steal digital assets.
One of the biggest challenges in protecting against cryptocurrency fraud is the anonymity that it provides. Transactions are recorded on a digital ledger called a blockchain, which ensures that they are secure and cannot be altered. However, unlike traditional banking systems, there is no regulatory body overseeing transactions and no way of tracking down stolen currency.
This has made cryptocurrency an attractive target for cybercriminals, who use malware to steal the private keys that control access to the currency. In the case of Rilide, the malware is disguised as a Google Drive extension, which makes it difficult to detect.
As cryptocurrency attacks become more common, it is essential that users take proactive measures to protect their digital assets. Trustwave advises users to be cautious when installing browser extensions and to keep their browsers and operating systems updated with the latest security patches. Users should also consider using a hardware wallet to store their private keys, which provides an added layer of protection against cyber attacks.
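One way to act on the advice about browser extensions is to audit what is already installed. The following is an added example, not code from Trustwave or from the original article: it walks a Chromium profile's `Extensions/<id>/<version>/manifest.json` files and flags any extension that uses the Google Drive name while requesting broad permissions. The permission list, the `update_url` heuristic and the sample manifests are assumptions chosen to match the capabilities described above, not details taken from a Rilide sample.

```python
import json
from pathlib import Path

# Assumption: permissions that correspond to the capabilities the article
# describes (history monitoring, screenshots, script injection on any site).
RISKY = {"history", "tabs", "scripting", "webRequest", "<all_urls>"}
BRAND_TERMS = ("google drive",)  # the name the article says Rilide imitates

# Constructed sample manifests for illustration (not from a real extension).
SAMPLE_SUSPECT = {"name": "Google Drive", "manifest_version": 3,
                  "permissions": ["history", "tabs", "scripting"],
                  "host_permissions": ["<all_urls>"]}
SAMPLE_BENIGN = {"name": "Example Notes", "manifest_version": 3,
                 "permissions": ["storage"],
                 "update_url": "https://clients2.google.com/service/update2/crx"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    name = str(manifest.get("name", "")).lower()
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # A content script matching every URL is script injection on every site.
    for script in manifest.get("content_scripts", []):
        perms.update(script.get("matches", []))
    if "*://*/*" in perms:
        perms.add("<all_urls>")
    risky = sorted(perms & RISKY)
    # Names like "__MSG_name__" are localized and must be resolved from _locales.
    if any(term in name for term in BRAND_TERMS) and risky:
        findings.append("brand name with broad permissions: " + ", ".join(risky))
    # Heuristic: store-installed extensions carry an update_url in the manifest.
    if "update_url" not in manifest:
        findings.append("no update_url (possibly sideloaded)")
    return findings


def scan_profile(profile_dir: str) -> dict[str, list[str]]:
    """Audit every extension under <profile_dir>/Extensions, keyed by extension ID."""
    report = {}
    for mf in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        try:
            findings = audit_manifest(json.loads(mf.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError):
            findings = ["unreadable manifest"]
        if findings:
            report[mf.parts[-3]] = findings
    return report
```

A finding is a prompt for manual review of that extension, not proof of compromise; extensions loaded from outside the profile's `Extensions` directory are not covered by this walk.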
In conclusion, the discovery of the Rilide malware is just the latest reminder of the growing threat of cyber attacks on cryptocurrency users. As the popularity and value of cryptocurrency continue to rise, so too will the threat of cybercrime. It is therefore essential that users stay vigilant and take proactive measures to protect their digital assets.