They use a fake extension to steal passwords
Specifically, it is an extension called Rilide. It is available for Google Chrome, Edge, Opera and Brave. What this browser plugin does is monitor everything you do, take screenshots or steal cryptocurrency. It uses scripts injected into web pages.
But how does this reach users? what they do is mimic a legitimate Google Drive extension. The victim installs that plugin thinking that it is something original and harmless. The problem is that, without the victim’s knowledge, it exploits certain browser features to steal data and compromise privacy. The cybersecurity company that has detected this threat found two different campaigns. In one of these campaigns they used the Ekipa remote access Trojan.
The exact origin of the malware is unknown, although it has been detected in similar extensions. Cybercriminals trade this type of malware on the Internet. Dark Web. In all these cases, the objective is to put the security and privacy of the victim at risk, steal passwords or 2FA codes.
Rilide is capable of modifying Chrome shortcut files or the web browser it affects. From there, it automates the execution of the malicious extension and affects the compromised system. the malware run a script and starts monitoring everything, when the victim changes tabs, receives content from a website, etc.
This extension is also capable of disable certain security features. In this way, the hacker will be able to have more freedom to act. It will be able to steal data, information, passwords… The add-on is capable of regularly sending browsing history to a server controlled by the attacker.
But a novel feature is that it is capable of using a 2FA code bypass system. What it does is use fake dialog boxes to trick the victim into entering the access codes. With this they achieve absolute control.
How to avoid attacks with fake browser extensions
We can say that avoiding being victims of computer attacks of this type, in which they use fake browser extensions, it’s simple. Common sense is essential, so it is key to only install plugins from official sources. Avoid installing software from third-party sources, as it may have been maliciously modified.
It is also important to have updated browser. It doesn’t matter if you use Google Chrome, Mozilla Firefox or any other. You should always have the latest versions installed and thus avoid problems that may compromise your security and privacy. That will avoid many problems in your day to day.
Besides, have the device protected that you use is also essential. Always install a good antivirus, as it can alert you if you accidentally download a dangerous add-on. It will scan any file and automatically delete it if it detects anything strange.
In short, as you can see, there is a new threat that endangers security when using Chrome and other browsers. It is imperative that you are protected and avoid installing extensions that are dangerous. Common sense, in these cases, is key. Not making mistakes will help you avoid exposing information when browsing.
