Crypto Stealer Rilide Steals from Chromium Browser Users

Chromium-Based Web Browsers at Risk from Rilide Malware

Rilide, a new strain of malicious software, is posing a threat to users of Chromium-based web browsers. It is disguised as a Google Drive extension, and attackers can use it to perform a variety of harmful actions, including monitoring browsing history, taking screenshots and injecting malicious scripts that steal cryptocurrency from different exchanges.

One particularly concerning feature of Rilide is its ability to display fake pop-up dialogs that trick users into entering two-factor authentication codes, which lets the attackers complete the theft of digital assets.

Trustwave, a cybersecurity company, has uncovered two different campaigns using Rilide, one involving Ekipa RAT and the other Aurora Stealer. Both employ the Rilide loader to install malicious extensions in Chromium-based browsers. Ekipa RAT is delivered through malicious Microsoft Publisher files, while Aurora Stealer uses fraudulent ads as its delivery vector. Attackers can also use Aurora Stealer to create phishing sites, which can appear directly in Google search results or on third-party sites.
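A defender-side check for the disguise and loader-based install described above, as an added example that is not from Trustwave or the original article: it audits extension manifests for a sideloaded extension that uses the Google Drive name and requests permissions matching the listed capabilities. The function names, the permission mapping and the sample manifest are assumptions; store installs often carry localized `__MSG_...__` names, so the name test only catches literal names.

```python
import json
from pathlib import Path

# update_url carried by extensions installed from the Chrome Web Store
# (other stores use a different URL and would be reported as sideloaded here).
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
SIDELOADED = "not installed from the Chrome Web Store"
# Assumed mapping from manifest permissions to the capabilities the article lists.
CAPABILITIES = {
    "history": "read browsing history",
    "tabs": "observe open tabs and their URLs",
    "scripting": "inject scripts into pages",
    "webRequest": "observe or intercept requests",
    "<all_urls>": "act on every site, including capturing the visible tab",
}
# Constructed sample of a look-alike manifest, not taken from a real Rilide build.
SAMPLE_LOOKALIKE = {
    "name": "Google Drive", "manifest_version": 3,
    "permissions": ["history", "tabs", "scripting"],
    "host_permissions": ["<all_urls>"],
}

def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (empty list: nothing notable)."""
    findings = []
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append(SIDELOADED)
        if "google drive" in str(manifest.get("name", "")).lower():
            findings.append("sideloaded extension uses the Google Drive name")
    requested = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        requested.update(p for p in (manifest.get(key) or []) if isinstance(p, str))
    for perm in sorted(requested.intersection(CAPABILITIES)):
        findings.append(f"{perm}: can {CAPABILITIES[perm]}")
    return findings

def scan_extensions(root):
    """Audit every manifest.json under root; report sideloaded extensions with capabilities."""
    report = {}
    for path in sorted(Path(root).rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue
        findings = audit_manifest(manifest)
        if SIDELOADED in findings and len(findings) > 1:
            report[str(path.parent)] = findings
    return report
```

Point `scan_extensions` at a browser profile's extensions folder or at any directory where unpacked extensions may have been dropped; a hit is a lead for manual review, not a verdict.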

This scheme is becoming increasingly popular among cybercriminals because harmful websites are difficult to identify. As a result, fraudulent ads are approved for publication, with Google experts unable to unequivocally determine the website's safety.
