Hackers use Rilide browser extension to bypass 2FA, steal crypto

Security researchers discovered a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge.
Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.
Rilide's loader modifies the web browser shortcut files to automate the execution of the malicious extension that is dropped on the compromised system.
If there's a match, the extension loads additional scripts injected into the webpage to steal information from the victim related to cryptocurrencies, email account credentials, etc.
The extension also disables 'Content Security Policy,' a security feature designed to protect against cross-site scripting attacks, to freely load external resources that the browser would normally block.
Rilide showcases the growing sophistication of malicious browser extensions that now come with live monitoring and automated money-stealing systems.
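
A defender-side audit for the shortcut modification described above, added here as an example; it is not from the article or the researchers' report. It assumes the modified shortcut passes Chromium's `--load-extension` switch, which the article does not state, and the folder list is an illustrative choice.

```powershell
# Added example: list browser shortcuts whose arguments load an unpacked extension.
# Assumption: the shortcut change shows up as Chromium's --load-extension switch.
$browsers = 'chrome.exe', 'brave.exe', 'opera.exe', 'msedge.exe'

# Common places a user launches the browser from (illustrative, not exhaustive).
$roots = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
    [Environment]::GetFolderPath('StartMenu')
    [Environment]::GetFolderPath('CommonStartMenu')
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

if (-not $roots) { return }

# WScript.Shell can read the target and arguments stored in a .lnk file.
$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -LiteralPath $roots -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)

    # Skip shortcuts without a file target (for example, shell items).
    if (-not $sc.TargetPath) { continue }

    # Only shortcuts that start one of the Chromium-based browsers matter here.
    $exe = Split-Path -Path $sc.TargetPath -Leaf
    if ($browsers -notcontains $exe) { continue }

    # Capture the extension directory, quoted or unquoted.
    if ($sc.Arguments -match '--load-extension(?:=|\s+)("[^"]+"|\S+)') {
        [pscustomobject]@{
            Shortcut      = $lnk.FullName
            Target        = $sc.TargetPath
            ExtensionPath = $Matches[1].Trim('"')
            Modified      = $lnk.LastWriteTime
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No browser shortcut loads an extension from the command line.'
}
```

Any hit deserves review: regular users rarely launch a browser with an extension loaded from a local folder, so check the reported directory and the shortcut's modification time against known software installs.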