Microsoft has issued a warning to users about a newly identified malware called StilachiRAT. The company describes StilachiRAT as a remote access trojan (RAT) with advanced capabilities that allow it to evade detection and steal sensitive data.
StilachiRAT primarily targets cryptocurrency wallets, scanning for wallet extensions in Google Chrome. The malware is capable of identifying at least 20 different wallet extensions, including MetaMask, Trust Wallet, Phantom, Coinbase, BNB Chain, and Bitget Wallet. Once these wallet extensions are detected,
StilachiRAT extracts credentials and configuration details, enabling attackers to drain funds from victims’ wallets.
The malware also monitors clipboard activity, searching for cryptocurrency keys or passwords that users may have copied, making it a serious threat for those holding digital assets. In addition to stealing data, StilachiRAT grants attackers the ability to execute remote commands, clear logs, and manipulate system registry settings to maintain persistent access to infected devices. It uses anti-forensic techniques to bypass security defenses, including identifying analysis tools and delaying execution.
One of the most concerning aspects of StilachiRAT is its ability to gather detailed information about infected devices, such as operating system data, hardware identifiers, and active applications. It also monitors Remote Desktop Protocol sessions, allowing attackers to impersonate users and potentially spread laterally across networks.
Although StilachiRAT is not yet widespread, Microsoft has stressed the importance of proactive defense to protect against this growing threat. The company recommends several security measures, such as downloading software only from official sources, enabling Microsoft Defender real-time protection, turning on cloud-delivered security, and using SmartScreen to block malicious websites.
Source: Linda Ikeji Blog