Trustwave SpiderLabs Reports Rilide Malware Targeting Cryptocurrency Exchange Users

Trustwave SpiderLabs, a team of security experts, recently discovered a new strain of malware called Rilide that specifically targets users of cryptocurrency exchanges.

The Rilide malware is designed to look like a Google Drive extension and utilizes built-in Chrome features to monitor user activity on cryptocurrency exchanges.

It then extracts funds from crypto wallets and allows cybercriminals to track the transaction history of targeted victims.

One of the key features of Rilide is its ability to replace the copied address of a victim’s crypto wallet with the attacker’s address.

This malware is particularly dangerous because it can use fake conversations to trick users into revealing their two-factor authentication and then withdraw cryptocurrencies in the background.

The Rilide malware has been distributed through Microsoft Publisher and Aurora Stealer, a Malware-as-a-Service (MaaS) that collects data from web browsers, cryptocurrency wallets, and local systems.

The attackers behind Aurora have been seen spreading malware using the Google Ads platform and imitating legitimate software installers to deploy Aurora.

Trustwave experts advise crypto asset holders to be cautious and skeptical of unsolicited emails and unconventional events.

In addition to the Rilide malware, a certain community called LinkingLion has been collecting data about the owners of bitcoins and their operations, according to a Bitcoin network developer under the pseudonym 0xB10C.

It is important for users to remember that no content on the Internet can be assumed safe, even if it appears to be.