What Is Rilide Malware?

Rilide malware is a strain of malware that was discovered in April of 2023. Rilide primarily targets Chromium-based browsers, spanning Google Chrome, Opera, Brave, and Microsoft Edge.

Rilide initially presents itself to users as a harmless Google Drive extension, while in reality it is able to:

  • Harvest browsing histories
  • Collect screenshots of financial details
  • Inject malicious scripts to steal cryptocurrency


The Rise of Rilide Malware

The rise of Rilide malware differs from traditional forms of malware programs:

  • Typically, malware is downloaded onto a device via a malicious link or hides within a file that a user downloads onto their computer.
  • Rilide malware, on the other hand, resides within browser extensions, hiding inside extensions that seem to offer users genuine utility.

When a user unknowingly installs a browser extension that carries Rilide, Rilide automatically executes a script to gain full access to the user’s browser. With the broad permissions a user grants by accepting the extension’s install prompt, Rilide is then able to:

  • Take screenshots of sensitive information
  • Capture passwords
  • Collect private key information to drain cryptocurrency accounts

Cybercriminals can freely buy Rilide malware on the dark web. They can then create and market seemingly useful browser extensions to the general public, instantly gaining access to the private information of anyone who downloads their extension.

One such case of this occurring was when Rilide malware was included in a fake staff PowerPoint that was sent to Zendesk employees. The PowerPoint explained a useful Chrome extension that employees could use and outlined how to download it onto their computers.

In reality, this was a fake PowerPoint that demonstrated how to download an extension infected with Rilide malware.

How Rilide Operates

Although Rilide’s delivery differs slightly from other malware, in that it hides within a browser extension, it still operates in much the same way: it arrives inside something that users download onto their computer or mobile device.

Once it is installed on a new system, it executes and begins its malicious activity.

As outlined, it can:

  • Exfiltrate data from an infected device: A threat actor could use this information to steal passwords and access accounts, copy financial information for fraud, or collect company account information to gain the access needed to deploy other forms of malware or ransomware.
  • Hijack email websites: It can make it look as though a legitimate multi-factor authentication email has arrived for a user. Rilide monitors the user’s interaction with these emails and sends the real MFA code to the threat actor, allowing them to access an account without the user knowing.

Target Demographics and the Security Threats Rilide Poses

Here are some of the key demographics that Rilide malware targets and the specific reason that group is at risk:

  • Cryptocurrency Traders: As Rilide can steal wallet information, threat actors use this form of malware when targeting people they know to engage in cryptocurrency trading. By advertising an extension that appeals to traders, they can trick crypto enthusiasts into downloading their malware.
  • Businesses in High-Value Industries: Any business that deals with sensitive information, like those in the financial or medical spheres, is a target for this malware, as it can exfiltrate data and then either blackmail the company or hold them to ransom.
  • Frequent Buyers: If someone frequently makes purchases from e-commerce stores and enters their financial information into their browser, they’re the perfect target for a threat actor using the Rilide malware.

How to Prevent Rilide Malware: The 3 Effective Steps

There are several ways that your business can protect against Rilide malware:

  1. Prevent Unverified Extensions: Your security administrator should block employees from downloading any extensions onto their browser that haven’t been verified by your company.
  2. Remove Unnecessary Extensions: Especially for larger businesses, reduce your potential attack surface by removing any extensions you no longer use or need.
  3. Employ Endpoint Protection: Ensure your business has firewalls and endpoint protection that will monitor your network for potentially malicious files and remove them before they cause damage.
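As an added example (not code from this page or from Check Point), the script below puts steps 1 and 2 into practice on a Chromium profile: it walks the `Extensions/<id>/<version>/manifest.json` layout that Chrome, Edge, Brave and Opera use, flags extensions that are not on a company allowlist or that request permissions broad enough to read pages, history and cookies or inject scripts (the capabilities the text attributes to Rilide), and emits the `ExtensionInstallBlocklist`/`ExtensionInstallAllowlist` enterprise policy that blocks everything except approved IDs. The extension IDs, names and manifests are constructed for the demo, and the `HIGH_RISK_PERMISSIONS` set is an assumption to be tuned to your own policy.

```python
import json
import tempfile
from pathlib import Path

# Permissions that let an extension read page content, history or cookies,
# inject scripts, or capture what the user sees. This set is an assumption for
# the example; tune it to your organisation's own policy.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
    "tabs", "history", "cookies", "webRequest", "webRequestBlocking",
    "scripting", "clipboardRead", "nativeMessaging", "debugger", "management",
}


def manifest_permissions(manifest: dict) -> set:
    """Collect permission strings from a Manifest V2 or V3 extension manifest."""
    found = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        found.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts declare the sites they run on under "matches".
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found


def audit_extensions(extensions_dir: Path, allowlist: set) -> list:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json and report each one."""
    findings = []
    for ext_dir in sorted(p for p in extensions_dir.iterdir() if p.is_dir()):
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable manifest: skipped here, a real tool should log it
            risky = sorted(manifest_permissions(manifest) & HIGH_RISK_PERMISSIONS)
            findings.append({
                "id": ext_dir.name,
                "version": manifest_path.parent.name,
                # Names may be "__MSG_xxx__" placeholders resolved from _locales/.
                "name": manifest.get("name", "?"),
                "approved": ext_dir.name in allowlist,
                "risky_permissions": risky,
            })
    return findings


def policy_for_allowlist(allowlist: set) -> dict:
    """Chrome/Edge enterprise policy that blocks every extension except the allowlist.

    ExtensionInstallBlocklist and ExtensionInstallAllowlist are real policy names;
    on Linux the dict is written as JSON under /etc/opt/chrome/policies/managed/,
    on Windows the same names live under HKLM\\Software\\Policies\\Google\\Chrome.
    """
    return {
        "ExtensionInstallBlocklist": ["*"],
        "ExtensionInstallAllowlist": sorted(allowlist),
    }


def build_sample_profile(root: Path) -> Path:
    """Create a constructed Extensions folder with two sample manifests (not real extensions)."""
    ext = root / "Extensions"
    # Constructed IDs in the 32-letter a-p form Chromium uses; they identify nothing real.
    approved_id = "abcdefghijklmnopabcdefghijklmnop"
    unknown_id = "ponmlkjihgfedcbaponmlkjihgfedcba"
    manifests = {
        (approved_id, "1.2.0"): {
            "manifest_version": 3, "name": "Company SSO Helper", "version": "1.2.0",
            "permissions": ["storage"],
            "host_permissions": ["https://sso.example.com/*"],
        },
        # A "Drive Helper" that quietly asks for every site, tabs, history and cookies.
        (unknown_id, "0.9.1"): {
            "manifest_version": 3, "name": "Drive Helper", "version": "0.9.1",
            "permissions": ["tabs", "history", "cookies", "scripting", "storage"],
            "host_permissions": ["<all_urls>"],
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
        },
    }
    for (ext_id, version), manifest in manifests.items():
        target = ext / ext_id / version
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return ext


def run_demo() -> list:
    """Build the sample profile, audit it against the allowlist, and return the findings."""
    root = Path(tempfile.mkdtemp())
    allowlist = {"abcdefghijklmnopabcdefghijklmnop"}
    return audit_extensions(build_sample_profile(root), allowlist)


if __name__ == "__main__":
    for f in run_demo():
        flag = "OK    " if f["approved"] and not f["risky_permissions"] else "REVIEW"
        print(f"{flag} {f['id']} {f['name']} v{f['version']} risky={f['risky_permissions']}")
    print(json.dumps(policy_for_allowlist({"abcdefghijklmnopabcdefghijklmnop"}), indent=2))
```

Point `audit_extensions` at a real profile directory (for example `~/.config/google-chrome/Default/Extensions` on Linux) to inventory what is actually installed; anything not on the allowlist, or approved but carrying a broad permission set, is a candidate for removal under step 2, and the emitted policy enforces step 1 so that unapproved extensions cannot be installed in the first place.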

Defending Against Rilide Malware

Here are three strategies to better defend against malware and protect your business ecosystem:

  • Move to Alternative Multi-Factor Authentication: The MFA hijacking that Rilide performs works against email-based MFA. By manipulating what a user sees on their device, it can capture MFA codes and feed them to a malicious actor. By moving away from same-device MFA to a separate device, such as a code sent to your mobile phone or generated on another authentication device, you can avert same-device MFA hijacking.
  • Compartmentalize Systems: Compartmentalizing employee devices will help ensure that even if one device is compromised, malware like Rilide doesn’t permeate into your entire ecosystem.
  • Follow Best Security Practices: Make sure that you always audit your systems, patch to the most recent releases of software, and follow all the other leading advice to protect your wider business ecosystem from cyber threats.

Malware Protection with Check Point

Considering how central browser extensions have become to everyday business workflows, companies and individuals alike should take the threat of Rilide malware seriously. With its unusual delivery mechanism of a malicious browser extension, Rilide malware is a significant threat that can lead to:

  • The loss of sensitive data
  • Theft of cryptocurrency
  • Major company-wide data breaches

The Check Point Hybrid Mesh Firewall system offers extensive protection against all forms of malware, providing an all-in-one malware protection solution that can help to detect and defend against Rilide malware. Acting as an automated firewall that logs, monitors, detects, blocks, and disables forms of malware, Check Point Hybrid Mesh Firewall can help keep your devices as safe as possible.
