Skip to main content

This PowerPoint ploy could help hackers empty your bank account

A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.

We’re talking about the Rilide Stealer Chrome browser extension which has been making the rounds lately, as reported by Bleeping Computer. Unfortunately, Rilide is readily-available to threat actors as it is sold for $5,000 to cybercriminals, meaning that it can be distributed in various ways. Chrome extensions are just one thing, although that seems to be the main source of the malware right now. The extension works on all Chromium-based browsers, so it’s not just Google Chrome, but also Brave, Microsoft Edge, and Opera.

In order for the malware to work, users have to download this extension first, and to that end, cybercriminals keep finding new ways to trick people to fall for their scams. Most recently, Rilide has been found in phishing emails that pretend to be legit VPN and firewall products. In those emails, the hackers talk about various possible threats users might run into online and offer “guidance” on how to avoid them, claiming that the extension can help.

Those who believe the contents of the presentation are directed to a guide on how to add this extension to Chrome. The links lead directly to malware, and from there, the extension can aid attackers in stealing login credentials, bank accounts, and cryptocurrencies stored in digital wallets. Rilide uses injection scripts to pull this off, and it works with many different crypto wallets, payment providers, banks, and email services.

Screenshot of a phishing PowerPoint presentation.
Bleeping Computer

Rilide also relies on using typosquatting domains to trick people. Also known as URL hijacking, this is a cybercrime tactic that preys on users who mistakenly type the wrong website address. As an example, the user might type “Gooogle.com” instead of “Google.com.” If the address is claimed by a threat actor, the person will be presented with a website that carefully impersonates various banks and payment service providers. Once they input their account credentials, the account is likely to be hijacked.

Researchers found over 1,500 such domains. Some of them have been boosted by SEO poisoning to rank higher in popular search engines. Moreover, the scammers also took to Twitter — or rather, X — to convince people to try out the extension.

The most curious part of Rilide is that it appears to bypass the Chrome Extension Manifest V3. This set of restrictions was meant to protect users from downloading malicious extensions, but unfortunately, Rilide managed to slip past the defenses.

As far as malware goes, Rilide is pretty scary. Not only can it help hackers empty your bank account, but it also might hit from many different angles due to the fact that it’s actively being updated and sold to threat actors. If you want to stay safe, follow the usual golden rule: Never open any links from sources you don’t trust, and don’t download any browser extensions that don’t seem trustworthy.

Thankfully, it seems Rilide is largely pointed at enterprise users and crypto owners, but you should still keep an eye out for any suspicious extensions.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
This $7 app doubled the performance of my gaming PC — seriously
Cyberpunk 2077 running on a gaming monitor.

I know it sounds too good to be true, but there's a $7 app that will double your performance in any game, with any graphics card. There are some caveats, as you probably suspect, but the app works shockingly well considering what it does -- and I haven't stopped using it since downloading it on Steam.

The app in question is called Lossless Scaling. It does two things. When the app released in 2018, it allowed you to upscale games (or any other content) using a more sophisticated algorithm than what your monitor uses. More recently, Lossless Scaling has added frame generation, and just a couple of weeks ago, that frame generation was overhauled.

Read more
Is LastPass safe? Here’s what we know about its security history
LastPass website on a laptop.

LastPass has been in the news quite a bit over the past decade. Following some data breaches and security incidents, you may be wondering if it’s now safe to use the well-known password manager -- whether you’re a previous, current, or potential LastPass user.

Let’s take a look at LastPass’ current features and security measures along with the previous incidents.
What is LastPass?

Read more
Gaming monitors just smashed through an important milestone
Forza Horizon 5 running on the HP Omen 27k.

The key difference between a normal monitor and a gaming monitor is the refresh rate, and TCL just revealed the fastest gaming monitor we've ever seen. At Display Week, the company demoed a gaming monitor that's capable of a 4K resolution at 1,000Hz, which vastly exceeds the options now available on the market.

Currently, Asus holds the crown for the fastest monitor on the market, with a 1080p resolution and a 540Hz refresh rate. Alienware isn't far behind with its 500Hz gaming monitor, which is also locked to 1080p. The fact that TCL has a display capable of 1,000Hz is impressive enough, but the 4K resolution really stands out.

Read more