This dangerous malware disguises itself as a legitimate browser extension to steal your money.


Cybersecurity researchers at Trustwave SpiderLabs have discovered a new strain of malware that targets victims' cryptocurrency wallets.

Dubbed Rilide, the malware presents itself as an extension for Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, or Opera.

The extension is advertised as a Google Drive utility. Once a victim installs it, it can monitor their browsing history, take screenshots, and inject malicious scripts into web pages, and the operators use those capabilities to withdraw the funds held in the victim's cryptocurrency exchange accounts.

Fake Dialogues

What makes Rilide stand out is its use of "forged dialogs" to trick victims into handing over their multi-factor authentication codes, which lets the attackers drain funds while the extension works in the background. If the malware detects that the user has an account with a cryptocurrency exchange, it submits a withdrawal request in the background while showing the user a fake device-authentication dialog, in order to obtain the 2FA code that the withdrawal requires.

Exchanges usually also notify the user of a withdrawal request by email, and Rilide tries to hide that too. As long as the victim reads their mailbox in the same browser, the extension replaces the confirmation email "on the fly," the researchers said: the withdrawal notification is swapped for a device-authorization request that asks the victim to enter the 2FA code.
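The capabilities described above (watching every page the victim visits, capturing screenshots, and rewriting page content such as a webmail inbox before the user sees it) all have to be declared in a Chromium extension's manifest. The script below, added here as an illustration and not code from Trustwave SpiderLabs or from Rilide itself, triages a manifest for that combination. The permission and manifest keys are real Manifest V2/V3 fields; the finding names, the severity thresholds, and the two sample manifests are constructed for this example.

```javascript
// Added example: static triage of a Chromium extension manifest for the
// capability set the article attributes to Rilide. Not the researchers'
// tooling and not the malware's manifest; samples below are constructed.

const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Host patterns live in `permissions` in Manifest V2 and in
// `host_permissions` in Manifest V3; collect both so either version works.
function hostPatterns(manifest) {
  const fromV3 = manifest.host_permissions || [];
  const fromV2 = (manifest.permissions || []).filter(
    (p) => p.includes('://') || p === '<all_urls>'
  );
  return fromV3.concat(fromV2);
}

function contentScripts(manifest) {
  return manifest.content_scripts || [];
}

function assessManifest(manifest) {
  const perms = new Set(manifest.permissions || []);
  const broadHost = hostPatterns(manifest).some((h) => BROAD_HOSTS.has(h));
  const broadInject = contentScripts(manifest).some((cs) =>
    (cs.matches || []).some((m) => BROAD_HOSTS.has(m))
  );
  const findings = [];

  // 1. Browsing monitoring: `history` reads the history database outright;
  //    `tabs` or `webNavigation` exposes every visited URL as it loads.
  if (perms.has('history')) {
    findings.push({ code: 'HISTORY_READ', detail: 'declares the history permission' });
  }
  if (perms.has('tabs') || perms.has('webNavigation')) {
    findings.push({ code: 'URL_MONITOR', detail: 'tabs/webNavigation reveal every visited URL' });
  }

  // 2. Screenshots: chrome.tabs.captureVisibleTab on arbitrary pages needs
  //    an <all_urls>-style host grant (activeTab only covers a user gesture).
  if (broadHost) {
    findings.push({ code: 'SCREENSHOT_CAPABLE', detail: 'broad host grant allows captureVisibleTab on any page' });
  }

  // 3. Script injection into every page: declared content scripts with a
  //    wildcard match, or programmatic injection via `scripting` + broad hosts.
  if (broadInject || (perms.has('scripting') && broadHost)) {
    findings.push({ code: 'INJECT_ALL_PAGES', detail: 'can run its own script in every page' });
  }

  // 4. Rewriting a page (e.g. swapping an exchange's withdrawal email) before
  //    the site's own scripts run: document_start on a wildcard match.
  const earlyRewrite = contentScripts(manifest).some(
    (cs) => cs.run_at === 'document_start' && (cs.matches || []).some((m) => BROAD_HOSTS.has(m))
  );
  if (earlyRewrite) {
    findings.push({ code: 'EARLY_DOM_REWRITE', detail: 'content script runs at document_start on all sites' });
  }

  // Assumed thresholds: three or more of these together is the profile the
  // article describes; a single one is common in legitimate extensions.
  const verdict = findings.length >= 3 ? 'high' : findings.length > 0 ? 'medium' : 'low';
  return { name: manifest.name, verdict, findings };
}

// Constructed sample: a "Google Drive" lookalike declaring the full set.
const SUSPICIOUS_SAMPLE = {
  manifest_version: 3,
  name: 'Google Drive',
  version: '1.0.4',
  permissions: ['tabs', 'scripting', 'storage', 'webNavigation'],
  host_permissions: ['<all_urls>'],
  content_scripts: [
    { matches: ['<all_urls>'], js: ['content.js'], run_at: 'document_start', all_frames: true },
  ],
  background: { service_worker: 'background.js' },
};

// Constructed sample: a benign extension scoped to one site.
const BENIGN_SAMPLE = {
  manifest_version: 3,
  name: 'Example Theme Toggle',
  version: '0.1',
  permissions: ['storage'],
  content_scripts: [{ matches: ['https://example.com/*'], js: ['toggle.js'] }],
};

function report(manifests) {
  return manifests.map((m) => {
    const r = assessManifest(m);
    const codes = r.findings.map((f) => f.code).join(', ') || 'none';
    return `${r.name}: ${r.verdict} (${codes})`;
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const line of report([SUSPICIOUS_SAMPLE, BENIGN_SAMPLE])) console.log(line);
}
```

Point it at an unpacked extension's manifest.json (Chrome keeps installed extensions under the profile's Extensions directory) to get a quick first-pass read before doing the real work of reviewing the scripts themselves; a manifest only shows what an extension may do, not what it does.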

For the researchers, Rilide is a "great example" of how malicious browser extensions are becoming more sophisticated and dangerous. Businesses and consumers alike must remain vigilant at a time when too much information can dull our senses, they conclude. Not every identity on the Internet is legitimate:

"Information overload can affect our ability to accurately interpret the facts and make us more vulnerable to phishing attempts. It is important to remain vigilant and skeptical when receiving unsolicited emails or messages, and never assume that content on the Internet is safe, even if it appears to be."