Skip to main content

This PowerPoint ploy could help hackers empty your bank account

A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.

We’re talking about the Rilide Stealer Chrome browser extension which has been making the rounds lately, as reported by Bleeping Computer. Unfortunately, Rilide is readily-available to threat actors as it is sold for $5,000 to cybercriminals, meaning that it can be distributed in various ways. Chrome extensions are just one thing, although that seems to be the main source of the malware right now. The extension works on all Chromium-based browsers, so it’s not just Google Chrome, but also Brave, Microsoft Edge, and Opera.

Recommended Videos

In order for the malware to work, users have to download this extension first, and to that end, cybercriminals keep finding new ways to trick people to fall for their scams. Most recently, Rilide has been found in phishing emails that pretend to be legit VPN and firewall products. In those emails, the hackers talk about various possible threats users might run into online and offer “guidance” on how to avoid them, claiming that the extension can help.

Please enable Javascript to view this content

Those who believe the contents of the presentation are directed to a guide on how to add this extension to Chrome. The links lead directly to malware, and from there, the extension can aid attackers in stealing login credentials, bank accounts, and cryptocurrencies stored in digital wallets. Rilide uses injection scripts to pull this off, and it works with many different crypto wallets, payment providers, banks, and email services.

Screenshot of a phishing PowerPoint presentation.
Bleeping Computer

Rilide also relies on using typosquatting domains to trick people. Also known as URL hijacking, this is a cybercrime tactic that preys on users who mistakenly type the wrong website address. As an example, the user might type “Gooogle.com” instead of “Google.com.” If the address is claimed by a threat actor, the person will be presented with a website that carefully impersonates various banks and payment service providers. Once they input their account credentials, the account is likely to be hijacked.

Researchers found over 1,500 such domains. Some of them have been boosted by SEO poisoning to rank higher in popular search engines. Moreover, the scammers also took to Twitter — or rather, X — to convince people to try out the extension.

The most curious part of Rilide is that it appears to bypass the Chrome Extension Manifest V3. This set of restrictions was meant to protect users from downloading malicious extensions, but unfortunately, Rilide managed to slip past the defenses.

As far as malware goes, Rilide is pretty scary. Not only can it help hackers empty your bank account, but it also might hit from many different angles due to the fact that it’s actively being updated and sold to threat actors. If you want to stay safe, follow the usual golden rule: Never open any links from sources you don’t trust, and don’t download any browser extensions that don’t seem trustworthy.

Thankfully, it seems Rilide is largely pointed at enterprise users and crypto owners, but you should still keep an eye out for any suspicious extensions.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Black Friday’s best PC hardware deal is still live, and you’re sleeping on it
The Ryzen 5 7600X sitting among thermal paste and RAM.

I'm not mad, just disappointed. A couple of weeks ago, I covered the insane deal that essentially allowed you to score a Ryzen 5 7600X -- still one of the best processors you can buy -- for just $105. At the time, I thought, surely, this will sell out in a matter of hours. Who would pass up on a deal this good? And yet, two weeks later to the day, the craziest deal I've seen during all of Black Friday and Cyber Monday is still live on Newegg.

Let me break down the deal again. You can get the Ryzen 5 7600X for $225, which is not a good price. However, you can get an additional $30 off by using promo code DLCDZ342, bringing the price down to $195. The kicker is that you also get a free Team Group MP44L 1TB PCIe 4.0 SSD. That's a $90 hard drive that Newegg is just throwing in with a CPU that's already available for a decent price. The fact that the deal is still live suggests either Newegg has a ton of inventory, or not enough people know about this sale.

Read more
NZXT dismisses PC rental allegations as ‘misconceptions’ while promising changes
The NZXT H7 Flow refreshed PC case showcased at Computex 2024.

NZXT founder and CEO Johnny Hou has publicly addressed growing criticism of the company’s Flex gaming PC rental program, which faced intense scrutiny after YouTube channel Gamers Nexus exposed significant flaws in its pricing and terms. In a detailed video, Gamers Nexus described the program as exploitative, pointing out that its long-term costs far outweighed the hardware's value, leaving customers locked into a financial commitment with minimal ownership options.

“I want to acknowledge that we messed up,” Hou said in a video published by the company. He also promised to address customer concerns and improve the program but offered few specifics on what changes would be implemented.

Read more
ChatGPT’s new Pro subscription will cost you $200 per month
glasses and chatgpt

Sam Altman and team kicked off the company's "12 Days of OpenAI" event Thursday with a live stream to debut the fully functional version of its 01 reasoning model, as well as a new subscription tier called ChatGPT Pro. But to gain unlimited access to these new features and capabilities, you're going to need to shell out an exorbitant $200 per month.

The 01 model, originally codenamed Project Strawberry, was first released in September as a preview, alongside a lighter-weight o1-mini model, to ChatGPT-Plus subscribers. o1, as a reasoning model, differs from standard LLMs in that it is capable of fact-checking itself before returning its generated response to the user. This helps such models reduce their propensity to hallucinate answers but comes at the cost of a longer inference period and slower response.

Read more