Hackers use Rilide browser extension to bypass 2FA, steal crypto (Security News, April 2023)

Security researchers discovered a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge.
Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.
Rilide's loader modifies the web browser shortcut files to automate the execution of the malicious extension that is dropped on the compromised system.
If there's a match, the extension loads additional scripts injected into the webpage to steal the victim's information related to cryptocurrencies, email account credentials, etc.
The extension also disables 'Content Security Policy,' a security feature designed to protect against cross-site scripting attacks, to freely load external resources that the browser would normally block.
Rilide showcases the growing sophistication of malicious browser extensions that now come with live monitoring and automated money-stealing systems.
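For defenders, the Content Security Policy behaviour described above can be checked for in installed extensions. The following audit is an added example, not code from the article or from the researchers; it assumes the header removal is done with Chromium's `declarativeNetRequest` static rules (the page does not say how Rilide implements it), and the sample manifest and rules are constructed.

```python
import json
from pathlib import Path

CSP_HEADERS = {"content-security-policy", "content-security-policy-report-only"}
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def csp_stripping_rules(rules):
    """Return ids of rules that remove or overwrite CSP response headers."""
    hits = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "modifyHeaders":
            continue
        for hdr in action.get("responseHeaders", []):
            name = hdr.get("header", "").lower()  # header names are case-insensitive
            if name in CSP_HEADERS and hdr.get("operation") in ("remove", "set"):
                hits.append(rule.get("id"))
                break
    return hits

def rule_paths(manifest):
    """Static rule files declared in manifest.json."""
    resources = manifest.get("declarative_net_request", {}).get("rule_resources", [])
    return [r["path"] for r in resources if "path" in r]

def audit_extension(manifest, rule_files):
    """manifest: parsed manifest.json; rule_files: {path: parsed rule list}.
    Returns [(rule_file, [rule ids])] for every file that tampers with CSP."""
    if not set(manifest.get("permissions", [])) & DNR_PERMS:
        return []  # without the permission, static rules are not applied
    findings = []
    for path in rule_paths(manifest):
        ids = csp_stripping_rules(rule_files.get(path, []))
        if ids:
            findings.append((path, ids))
    return findings

def audit_directory(ext_dir):
    """Audit an unpacked extension directory on disk."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    files = {p: json.loads((root / p.lstrip("/")).read_text(encoding="utf-8"))
             for p in rule_paths(manifest)}
    return audit_extension(manifest, files)

# Constructed sample input, not taken from a real extension.
SAMPLE_MANIFEST = {"manifest_version": 3, "permissions": ["declarativeNetRequest"],
    "declarative_net_request": {"rule_resources": [{"id": "r", "enabled": True, "path": "rules.json"}]}}
SAMPLE_RULES = {"rules.json": [
    {"id": 1, "action": {"type": "modifyHeaders", "responseHeaders": [
        {"header": "Content-Security-Policy", "operation": "remove"}]}, "condition": {"urlFilter": "*"}},
    {"id": 2, "action": {"type": "block"}, "condition": {"urlFilter": "ads.example"}}]}
```

Rules an extension registers at runtime do not appear in its static rule files, so a clean result here does not rule out header tampering.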