Security experts from Trustwave SpiderLabs have warned that Rilide malware is currently targeting the assets of cryptocurrency exchange users. The malware poses as a Google Drive browser extension and uses built-in Chrome features to monitor user actions during transactions. Rilide secretly extracts funds from crypto wallets and lets cybercriminals track the transaction history of their victims. The malware also allows attackers to inject malicious scripts to steal funds from cryptocurrency exchanges. One of Rilide’s distinctive features is its ability to replace a victim’s crypto wallet address with the attacker’s address. Trustwave researchers noted that the malware also uses fake dialog boxes to trick users into revealing their two-factor authentication codes, which are then used to withdraw cryptocurrency in the background. The researchers urged cryptocurrency asset owners to remain “vigilant and healthily skeptical” and to exercise caution with unsolicited emails or unexpected events.
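The warning signs described above (an extension that borrows the Google Drive name, monitors and alters what the browser sends, and was not installed from the Chrome Web Store) can be turned into a simple manifest audit. The script below is an added example, not Trustwave’s tooling or a Rilide artifact; the permission shortlist and the Web Store update_url check are my own assumptions, and the sample manifests are constructed.

```python
# Assumed shortlist of Chrome permissions that let an extension observe or alter
# what the user sees and sends; many legitimate extensions use some of them, so a
# hit is a review trigger, not proof of malice.
HIGH_RISK_PERMISSIONS = {"webRequest", "webRequestBlocking", "scripting",
                         "debugger", "tabs", "cookies"}
IMPERSONATED_BRANDS = ("google drive",)
# Extensions installed from the Chrome Web Store carry this update_url (assumption).
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def host_patterns(manifest: dict) -> set[str]:
    """Host match patterns from MV2 permissions, MV3 host_permissions and content_scripts."""
    hosts = {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    hosts |= set(manifest.get("host_permissions", []))
    for cs in manifest.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    return hosts

def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed manifest.json; an empty list means nothing odd."""
    findings = []
    name = str(manifest.get("name", ""))
    risky = set(manifest.get("permissions", [])) & HIGH_RISK_PERMISSIONS
    if risky:
        findings.append("high-risk permissions: " + ", ".join(sorted(risky)))
    broad = {h for h in host_patterns(manifest) if h == "<all_urls>" or h.startswith("*://*/")}
    if broad:
        findings.append("broad host access: " + ", ".join(sorted(broad)))
    if any(b in name.lower() for b in IMPERSONATED_BRANDS):
        findings.append(f"name impersonates a known brand: {name!r}")
        if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
            findings.append("no Chrome Web Store update_url: likely sideloaded")
    return findings

# Constructed sample manifests (not real Rilide artifacts): the first mimics the
# behaviour the article describes, the second is an ordinary Web Store extension.
SAMPLES = [
    {"manifest_version": 3, "name": "Google Drive",
     "permissions": ["webRequest", "scripting", "storage"],
     "host_permissions": ["<all_urls>"]},
    {"manifest_version": 3, "name": "Tab Counter",
     "permissions": ["storage"], "update_url": WEBSTORE_UPDATE_URL},
]

if __name__ == "__main__":
    for ext in SAMPLES:
        print(ext["name"], "->", audit_manifest(ext) or ["no findings"])
```

To run it against a real profile, load each `manifest.json` under the browser’s Extensions directory with `json.load` and pass the result to `audit_manifest`.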
Microsoft Publisher and Aurora Stealer Identified as Distribution Channels
Trustwave experts identified Microsoft Publisher as one of the distribution channels for Rilide malware: the malicious file was part of Ekipa RAT, a remote access trojan designed for targeted attacks. The second variant of the Rilide strain, Aurora Stealer, was detected by Trustwave as Malware-as-a-Service in April 2022. Aurora is designed to collect data from multiple web browsers, cryptocurrency wallets, and local systems. Recently, the attackers behind Aurora have been using the Google Ads platform to distribute the malware, with campaigns posing as TeamViewer downloads. They also distributed Aurora via a fake website imitating the NVIDIA driver site. The downloaded sample was packed with Themida, a well-known commercial executable protector.
Reminder to Exercise Caution When Online
Trustwave researchers emphasized that all content on the internet is dangerous, even if it appears to be benign. They advised users to be vigilant and cautious when unexpected events arise or when they receive unsolicited emails. Trustwave SpiderLabs’ findings highlight the need for individuals and organizations to stay up to date with the latest cybersecurity threats and to implement robust security measures to mitigate the risks associated with such attacks.