This PowerPoint ploy could help hackers empty your bank account
Another dangerous malware is making the rounds, and this time, not even PowerPoint presentations are safe.
With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.
We’re talking about the Rilide Stealer Chrome browser extension which has been making the rounds lately, as reported by Bleeping Computer. Unfortunately, Rilide is readily-available to threat actors as it is sold for $5,000 to cybercriminals, meaning that it can be distributed in various ways. Chrome extensions are just one thing, although that seems to be the main source of the malware right now. The extension works on all Chromium-based browsers, so it’s not just Google Chrome, but also Brave, Microsoft Edge, and Opera.
In order for the malware to work, users have to download this extension first, and to that end, cybercriminals keep finding new ways to trick people to fall for their scams. Most recently, Rilide has been found in phishing emails that pretend to be legit VPN and firewall products. In those emails, the hackers talk about various possible threats users might run into online and offer “guidance” on how to avoid them, claiming that the extension can help.
Those who believe the contents of the presentation are directed to a guide on how to add this extension to Chrome. The links lead directly to malware, and from there, the extension can aid attackers in stealing login credentials, bank accounts, and cryptocurrencies stored in digital wallets. Rilide uses injection scripts to pull this off, and it works with many different crypto wallets, payment providers, banks, and email services.
Bleeping ComputerRilide also relies on using typosquatting domains to trick people. Also known as URL hijacking, this is a cybercrime tactic that preys on users who mistakenly type the wrong website address. As an example, the user might type “Gooogle.com” instead of “Google.com.” If the address is claimed by a threat actor, the person will be presented with a website that carefully impersonates various banks and payment service providers. Once they input their account credentials, the account is likely to be hijacked.
Researchers found over 1,500 such domains. Some of them have been boosted by SEO poisoning to rank higher in popular search engines. Moreover, the scammers also took to Twitter — or rather, X — to convince people to try out the extension.
The most curious part of Rilide is that it appears to bypass the Chrome Extension Manifest V3. This set of restrictions was meant to protect users from downloading malicious extensions, but unfortunately, Rilide managed to slip past the defenses.
As far as malware goes, Rilide is pretty scary. Not only can it help hackers empty your bank account, but it also might hit from many different angles due to the fact that it’s actively being updated and sold to threat actors. If you want to stay safe, follow the usual golden rule: Never open any links from sources you don’t trust, and don’t download any browser extensions that don’t seem trustworthy.
Thankfully, it seems Rilide is largely pointed at enterprise users and crypto owners, but you should still keep an eye out for any suspicious extensions.
Editors' Recommendations
This Chrome extension lets hackers remotely seize your PC Spellcheckers in Google Chrome could expose your passwords Microsoft Edge’s new Performance Mode could make it a more powerful web browser Microsoft has an A.I. coach that can critique your PowerPoint presentations Latest SMS breach could allow hackers access to your online accountsMonica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Beware of malware, adware when downloading Google Chrome through Microsoft Edge
New Windows 10 PC owners should be careful about downloading Google Chrome through Microsoft Edge, as Bing is apparently returning search results that contain malware and adware.
There is a running joke that the only purpose of Microsoft Edge is to download Google Chrome, but it appears that the tables could easily turn for users who are not careful. Fortunately, Twitter user Gabriel Landau did not fall prey to a fake Google Chrome download page returned by a Bing search.
GPU prices and availability (Q3 2023): how much are GPUs today?
The GPU shortage is over, and gamers around the world can breathe a sigh of relief. For those in the market for one of the best graphics cards, we closely looked at graphics card prices and availability to see where the GPU market is headed and to figure out the best time to buy.
If you're looking for a cheap GPU deal, now is the time to buy. Cards from both AMD and Nvidia usually hover around the recommended list price, but some models are actually priced well below that.
Lenovo’s new 14-inch gaming laptop beats the ROG G14 in one key way
The ROG Zephyrus G14 has been a fan-favorite 14-inch gaming laptop these past few years, even with many recent competitors in the space. Lenovo's new Legion Slim 5 14, though, has one major advantage of the G14. Its screen.
The Legion Slim 5 14, now in its eighth generation, is receiving a major upgrade in its display, moving from a standard IPS to a 120Hz OLED. This more advanced panel technology can, of course, produce unbeatable contrast, thanks to the individually-lit pixels. At a max of 400 nits, the HDR performance in games should look rather nice too.