Rilide - An Information Stealing Browser Extension
ID: 744a835c-2301-58b6-ac92-556c49fddf0f
STIX ID: report--744a835c-2301-58b6-ac92-556c49fddf0f
Feed Name: Pulsedive Blog
Rilide is information-stealing malware masquerading as a browser extension (often impersonating Google Drive). It targets Chromium-based browsers to capture screenshots, log credentials (including cryptocurrency wallets), manipulate web pages and emails, and exfiltrate data to a C2 resolved via blockchain-based dead drops. The report provides a multi-stage PowerShell dropper analysis, file and manifest contents, network IoCs, MITRE ATT&CK mappings, and mitigations including extension management and PowerShell logging.
