Trustwave security researchers have uncovered a new strain of malware, dubbed Rilide, which is being used to siphon crypto funds from unsuspecting victims. According to the researchers, the malicious program disguises itself as a legitimate Google Drive extension and can even inject malicious scripts to steal funds from cryptocurrency exchanges.
Malware Employs Forged Dialogs
In a blog post published on April 4, the two researchers, Pawel Knapczyk and Wojciech Cieslak, revealed the discovery of a new strain of malware which is believed to be helping cybercriminals steal funds from crypto wallets. The researchers noted that the malicious program, known as Rilide, has the ability to use forged dialogs to deceive users into providing their two-factor authentication (2FA) details, before draining funds from their respective accounts.
Although malicious browser extensions have been used by cybercriminals in the past, the researchers noted that this particular malware differs in that it can “effectively and rarely used ability to utilize forged dialogs to deceive users into revealing their two-factor authentication (2FA) and then withdraw cryptocurrencies in the background.”
Knapczyk and Cieslak also argued that while initiatives such as the pending enforcement of manifest v3 may make life more difficult for cybercriminals, it may not be enough “to solve the issue entirely as most of the functionalities leveraged by Rilide will still be available.”
The researchers warned users to always remain wary and skeptical of unsolicited emails and not to assume that any content on the internet is safe, even if it appears to be. Similarly, users should remain informed and educated about the latest developments in the cybersecurity industry.
What are your thoughts on this story? Let us know what you think in the comments section below.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
