Some of the biggest and most popular browsers out there are being attacked by hackers once again with a new malware strain that aims to steal people’s sensitive data. Let’s dive into it and see how you can protect yourself.
Browsers like Google Chrome, Microsoft Edge and others are being attacked by a malware strain, according to a new report released by Trustwave SpiderLabs.
The strain, known now as Rilide, can do a variety of malicious actions, including monitoring browsing history, taking screenshots on people’s devices, and stealing cryptocurrency using scripts injected into websites. Rilide is also capable of intercepting two-factor authentication codes and taking over email accounts, so it’s really one to watch out closely for as it can be super damaging.
POLICE ARE USING INVASIVE FACIAL RECOGNITION SOFTWARE TO PUT EVERY AMERICAN IN A PERPETUAL LINEUP
Rilide uses a loader that modifies the browser shortcut files and then automates the malicious browser extension dropped onto infected systems by the malware. Once that’s done, it runs a script that monitors when a user infected by the malware does actions such as switching tabs, receiving content from the web, or when a web page finishes loading.
The hackers also have a list of target websites on a command-and-control server. The loader will check if the website user matches anything on the list. If there’s a match, it will load additional scripts that are injected into a web page to steal sensitive information from victims.
MORE: HOW HACKERS ARE USING CHATGPT TO CREATE MALWARE TO TARGET YOU
The way the strain is being spread among users is through a fake Google Drive browser extension. Plus, the hackers are also abusing Google Ads and the Aurora Stealer to load the extension using a Rust loader. For reference, a Rust loader is software that loads and prepares Rust programs for execution by resolving any missing pieces needed to run the program. The hackers are likely using a Malware-as-a-Service business model to sell Rilide to other cybercriminals who then use it to continue attacking more people like a domino effect.
MORE: BEWARE OF NEW MACSTEALER MALWARE THAT CAN STEAL YOUR ICLOUD KEYCHAIN DATA AND PASSWORDS
The best thing you can do yourself to avoid getting scammed is by installing antivirus software on all your devices. In the scam email above, having Antivirus software would prevent you from clicking through to any malicious sites or installations.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech .
Related: Free antivirus: should you use it?
NEVER FORGET ANOTHER APPOINTMENT AGAIN WITH THIS ULTIMATE SCHEDULING TECH
You should also consider using an identity theft service, which will notify you if you have any sensitive data stolen from you such as cryptocurrency information.
Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using my No. 1 pick includes identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses.
See my tips and best picks on how to protect yourself from identity theft by visiting CyberGuy.com/IdentityTheft.
DON’T FALL FOR THIS NEW BANKING SCAM
Make sure you are only ever installing browser extensions from official sites like the Chrome Web Store or the Microsoft Edge Add-ons store. These will further guarantee that you won’t become the victim of some bogus browser trying to steal your data.
Have you been a victim of sneaky malware attacks? Let us know at CyberGuy.com/Contact.
For more of my tips, subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.
Copyright 2023 CyberGuy.com. All rights reserved.