You can use the Dashlane Authenticator app to add an extra layer of security for all of your 2-factor authentication (2FA) compatible accounts. The advancement of Rilide highlights the increasingly sophisticated nature of malicious browser extensions, which now feature live monitoring and automated systems for stealing money. Although the enforcement of Manifest v3 may make it more challenging for threat actors to operate, it is unlikely to resolve the problem entirely, since most of Rilide’s functions will still be accessible. Dashlane’s authenticator app, Dashlane Authenticator, provides a simple way to turn on multifactor authentication (MFA) for your accounts. If the user accesses their mailbox through the same web browser, Rilide replaces email confirmations, including the withdrawal request email, which is substituted with a fake device authorization request. While the data targeted is mainly related to:. The extension will load additional scripts when a match is found, which will then be injected into the webpage to steal information from the victim. Threat actors usually use a listener like this to detect when a victim switches tabs, receives content from a website, or loads a page. Furthermore, the site’s current URL is checked against the list of targets available on the C2 server to determine if it matches. When the malware is executed, it executes a script that attaches a listener to the process.

An Extension Like Leech

A malicious extension is dropped on the compromised system by Rilide’s loader through modifications to the web browser shortcut files. Dashlane researchers tested each website on three critical 2FA criteria, awarding one point for SMS or email authentication, one point for software tokens, and three points for hardware tokens.
Trustwave reports that there is an overlap between the malware and similar extensions that are sold to cybercriminals, although the origin of the malware is unknown. Furthermore, some parts of its code have been leaked on an underground forum following a dispute over hackers’ overpayment that has not been resolved. To distribute the malicious extension, one of them uses the Ekipa RAT. There are two methods of loading the extension through the Rust loader:.