Trustwave Spiderlabs Researchers Warn of New Strain of Malware That Drains Crypto Funds


According to researchers at Trustwave Spiderlabs, a strain of malware known as Rilide is believed to be helping cybercriminals steal funds from cryptocurrency exchanges. Although the steps being taken to tackle this malware are likely to make life more difficult for cybercriminals, two researchers — Pawel Knapczyk and Wojciech Cieslak — said this alone may not be enough to “solve the issue entirely.”

Malicious Browser Extensions

Researchers at Trustwave Spiderlabs recently said they discovered a new strain of malware which clandestinely draws funds from crypto wallets. According to the researchers, the malware, known as Rilide, is thought to disguise itself as a legitimate Google Drive extension. Besides giving cybercriminals the ability to monitor the browsing history of their targeted victims, Rilide enables the injection of “malicious scripts to steal funds from cryptocurrency exchanges.”

In their blog post published on April 4, the two researchers Pawel Knapczyk and Wojciech Cieslak concede that Rilide is not the first malware to use malicious browser extensions. However, the researchers said they have seen how the malware tricks users before it drains funds from their respective crypto wallets.

“Where this malware differs is it has the effective and rarely used ability to utilize forged dialogs to deceive users into revealing their two-factor authentication (2FA) and then withdraw cryptocurrencies in the background,” the researchers argued.

While steps such as the pending enforcement of the so-called manifest v3 are expected to make life a little more difficult for cybercriminals, Knapczyk and Cieslak assert that this alone may not be enough “to solve the issue entirely as most of the functionalities leveraged by Rilide will still be available.”

Meanwhile, in their warning to users, the two researchers reiterated the importance of remaining “vigilant and sceptical” each time they received unsolicited emails. They added that users must “never assume that any content on the internet is safe, even if it appears to be.” Similarly, users should always strive to stay informed and educated about the latest events in the cybersecurity industry.

What are your thoughts on this story? Let us know what you think in the comments section below.