Hackers use Rilide browser extension to bypass 2FA, steal crypto
2023-04-06 19:02

Security researchers discovered a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge.

Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.

Rilide's loader modifies the web browser shortcut files to automate the execution of the malicious extension that is dropped on the compromised system.
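
A defender can audit for this kind of shortcut tampering. The PowerShell below is an added example, not code from the article or from Trustwave. It assumes the change shows up as a Chromium `--load-extension` switch in the shortcut arguments (the summary does not say how the shortcut is altered); the executable names and folders searched are also assumptions.

```powershell
# Added example: list browser shortcuts whose arguments load an unpacked extension.
# Assumption: the tampering appears as a --load-extension switch in the .lnk arguments.
# Assumption: executable names used by Chromium-based browser shortcuts.
$browserExes = 'chrome.exe', 'msedge.exe', 'brave.exe', 'opera.exe', 'launcher.exe'

# Desktop, Start Menu and Quick Launch (which contains taskbar pins); assumed locations.
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

function Get-BrowserShortcutFinding {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }          # skip shortcuts with no file target
            $exe = Split-Path -Leaf $lnk.TargetPath
            if ($browserExes -notcontains $exe) { return } # only browser shortcuts
            # Capture the extension directory, quoted or unquoted.
            if ($lnk.Arguments -match '--load-extension=(?:"([^"]+)"|(\S+))') {
                $extPath = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
                [pscustomobject]@{
                    Shortcut      = $_.FullName
                    Target        = $lnk.TargetPath
                    Arguments     = $lnk.Arguments
                    ExtensionPath = $extPath
                    LastModified  = $_.LastWriteTime
                }
            }
        }
    }
}

Get-BrowserShortcutFinding -Roots $searchRoots | Format-List
```

Any result deserves review: standard browser shortcuts normally carry no such switch, and the reported ExtensionPath points at the folder to inspect.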

If there's a match, the extension loads additional scripts, injected into the webpage, to steal information from the victim related to cryptocurrencies, email account credentials, etc.

The extension also disables 'Content Security Policy,' a security feature designed to protect against cross-site scripting attacks, to freely load external resources that the browser would normally block.

Rilide showcases the growing sophistication of malicious browser extensions that now come with live monitoring and automated money-stealing systems.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-rilide-browser-extension-to-bypass-2fa-steal-crypto/