Subj : Watch out - that PowerPoint link could be Chrome malware
To   : All
From : TechnologyDaily
Date : Fri Aug 04 2023 14:15:03

Watch out - that PowerPoint link could be Chrome malware

Date: Fri, 04 Aug 2023 12:55:05 +0000

Description: Hackers are coming up with new ways to distribute malware and steal people's money.

FULL STORY
======================================================================

Cybersecurity researchers from Trustwave SpiderLabs have discovered an updated version of the infamous Rilide Stealer, a malicious Google Chrome extension capable of stealing people's login credentials, banking accounts, and cryptocurrencies stored in wallet add-ons. The extension works on Chromium-based browsers, including Chrome, Edge, Brave, and Opera.

While malicious extensions are nothing new, the distribution method for this particular version is somewhat original. According to the researchers' report, the threat actors were distributing phishing emails impersonating VPN products and firewall service providers, such as Palo Alto's GlobalProtect app. In the emails, they would warn the recipients of a cyber-threat lurking in the wild and offer guidance, through a PowerPoint presentation, on how to install the legitimate extension and thus ensure the safety of their endpoints. However, the links provided in the PowerPoint presentation lead straight to the malware.

Bypassing Chrome Extension Manifest V3

If the victims fall for the trick and install Rilide, the malware targets multiple banks, payment providers, email service providers, cryptocurrency exchange platforms, VPNs, and cloud service providers, BleepingComputer reports. The malware works by using injection scripts and focuses mostly on targets living in Australia and the United Kingdom.

The new version of the malware is also interesting because it successfully bypasses Chrome Extension Manifest V3, Google's newly introduced extension restrictions that were supposed to protect users from malicious add-ons. Manifest V3 tightens what an extension may do at runtime (among other things, it bars loading remotely hosted code), but it does not stop a user from installing an extension that declares broad host access and script injection up front, which is exactly what a social-engineering lure like this one gets the victim to approve.
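The article does not say what the malicious extension declares in its manifest, so the following is an added example (not code from Trustwave's report or from TechRadar, and not a Rilide signature) of the kind of check a defender can run over the Chromium profiles on a fleet: parse each installed extension's manifest.json and flag the combination a credential-stealing extension needs, namely host access to every site, a content script injected into every page, and sensitive permissions such as scripting, cookies and tabs. The two manifests embedded below are constructed for the example; the profile layout Extensions/<id>/<version>/manifest.json is Chrome's. Note that the suspicious sample is itself Manifest V3: the point is that MV3 does not prevent a user from consenting to these capabilities, so the manifest audit is what surfaces them.

```python
"""Audit Chromium extension manifests for stealer-like capabilities.

Added example, not part of the original article or the Trustwave research.
Heuristic only: legitimate password managers trip the same checks, so treat
hits as a review queue, not a verdict.
"""
import json
from pathlib import Path
from typing import Dict, List

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions that let an extension read or alter sessions and page content.
SENSITIVE_PERMS = {
    "scripting", "webRequest", "webRequestBlocking", "cookies", "tabs",
    "webNavigation", "clipboardRead", "debugger", "nativeMessaging",
}


def _host_patterns(manifest: dict) -> set:
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 lists host patterns under "permissions"; keep those too.
    hosts |= {p for p in manifest.get("permissions", [])
              if "://" in p or p == "<all_urls>"}
    return hosts


def _csp_text(manifest: dict) -> str:
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):  # MV3 form: {"extension_pages": ..., "sandbox": ...}
        return " ".join(csp.values())
    return csp


def audit_manifest(manifest: dict) -> List[str]:
    """Return a list of human-readable findings for one manifest (empty if clean)."""
    findings: List[str] = []
    version = manifest.get("manifest_version")
    if version != 3:
        findings.append(f"manifest_version={version}: pre-MV3, may load remote code "
                        "and use blocking webRequest")
    broad = _host_patterns(manifest) & BROAD_HOSTS
    if broad:
        findings.append("broad host access: " + ", ".join(sorted(broad)))
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script injected into every page: "
                            + ", ".join(cs.get("js", [])))
    sensitive = SENSITIVE_PERMS & set(manifest.get("permissions", []))
    if sensitive:
        findings.append("sensitive permissions: " + ", ".join(sorted(sensitive)))
    csp = _csp_text(manifest)
    if "'unsafe-eval'" in csp or "https://" in csp:
        findings.append("CSP permits eval or remote script sources: " + csp)
    return findings


def audit_extensions_dir(extensions_dir: str) -> Dict[str, List[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and audit each one."""
    results: Dict[str, List[str]] = {}
    for mpath in Path(extensions_dir).glob("*/*/manifest.json"):
        ext_id = mpath.parent.parent.name
        with open(mpath, encoding="utf-8") as fh:
            results[ext_id] = audit_manifest(json.load(fh))
    return results


# Constructed sample manifests for the example; these are not real extensions.
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Page Notes", "version": "1.0",
    "permissions": ["activeTab", "storage"],
    "action": {"default_popup": "popup.html"},
}
SUSPICIOUS_MANIFEST = {
    "manifest_version": 3, "name": "Security Update", "version": "2.3",
    "permissions": ["scripting", "cookies", "tabs", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"],
                         "run_at": "document_start"}],
    "background": {"service_worker": "bg.js"},
}

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST),
                            ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, audit_manifest(manifest) or ["no findings"])
```

On a real machine, point audit_extensions_dir at the profile's Extensions folder (for example ~/.config/google-chrome/Default/Extensions on Linux) and review every extension ID that comes back with findings against the Web Store listing and your allow-list; an extension that was sideloaded from a link rather than installed from the store and that carries this capability set is the case the article describes.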
The stolen data is then exfiltrated to a Telegram channel, or delivered as screenshots to a pre-determined C2 server.

The researchers don't know exactly who is behind this campaign, as Rilide is commodity malware, sold on hacker forums and most likely used in different campaigns. In this particular instance, the attackers generated more than 1,500 phishing pages (with typosquatted domains) and promoted them via SEO poisoning on trusted search engines. They also impersonated banks and service providers to get the victims to type in their login details. Twitter is also being abused for the campaign, luring people to phishing websites for fraudulent play-to-earn blockchain games.

Via BleepingComputer

======================================================================
Link to news story: https://www.techradar.com/pro/watch-out-that-powerpoint-link-could-be-chrome-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)