Rilide Stealer is malicious software that exploits and damages computer systems by stealing personal information, disrupting operations, or holding data hostage. In H1 2024, researchers at Bitdefender Labs identified an updated version of the malware, Rilide Stealer V4, in various sponsored ad campaigns. The ads impersonated AI-based software or photo editors including Sora, CapCut, Gemini AI, Photo Effects Pro, and CapCut Pro. Users interacting with these deceptive ads could have unknowingly downloaded and deployed harmful files onto their devices, such as Rilide Stealer, Vidar Stealer, IceRAT, and Nova Stealer.
In a more sophisticated approach, Rilide Stealer masqueraded as a Chrome browser extension, specifically Google Translate, according to the ESET Threat Report H1 2024. The extension was in fact an infostealer known as "Rilide Stealer V4," designed to harvest users' Facebook credentials. The malware was also spotted misusing the names of generative AI assistants like OpenAI's Sora and Google's Gemini to lure potential victims.
By August 2023, Chromium-based web browsers had been targeted by a newer, more advanced version of the Rilide Stealer malware. As reported by The Hacker News, this upgraded variant enabled exfiltration of stolen data and cryptocurrency via interval-based screenshot captures or a Telegram channel. The evolution and sophistication of Rilide Stealer highlight the increasing threat posed by such malware, necessitating robust cybersecurity measures.
Description last updated: 2024-10-07T15:18:12.798Z