Crypto users beware: StilachiRAT malware targets users wallets


Microsoft has discovered a new remote access Trojan (RAT) that targets cryptocurrency wallets held in Google Chrome browser extensions. The malware, named StilachiRAT, can steal sensitive information and evade detection.

Microsoft researchers found StilachiRAT in Nov. 2024. The malware collects system data, steals credentials, and extracts cryptocurrency wallet information. It also monitors clipboard activity to capture sensitive data.

The malware achieves persistence by using Windows service control mechanisms. It establishes communication with remote servers, allowing hackers to execute commands and manipulate infected systems.

Crypto wallets targeted by StilachiRAT

StilachiRAT targets 20 cryptocurrency wallet extensions in Chrome. It scans for stored wallet configuration data, aiming to access digital assets. It can also decrypt credentials saved in Chrome, giving attackers access to usernames and passwords. The malware monitors active Remote Desktop Protocol (RDP) sessions, allowing attackers to impersonate users and move within networks.

Microsoft has not linked the malware to any specific hacker group or region. The company states that the malware is not widely distributed but warns about its stealthy nature. Attackers can install it through multiple methods. Microsoft advises organizations to strengthen security to prevent initial infections.

Microsoft monitors StilachiRAT

Microsoft’s security tools can detect StilachiRAT-related activity. The company has shared detection details and hunting queries to help security teams identify threats. It continues to monitor the malware and investigate how attackers distribute it.

The malware uses anti-forensic tactics to avoid detection. It clears event logs, detects analysis tools, and evades security sandboxes. It also creates watchdog threads to restore itself if removed. These techniques make it harder to detect and eliminate.
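Two of the behaviours described in this article, persistence through Windows service control and clearing of event logs, leave traces in standard Windows event channels that defenders can hunt for. The following Python script is an added example written for this article; it is not Microsoft's published hunting query and not code from the malware. It parses constructed sample event records (the hosts, service names and paths are made up), flags a service installed from a user-writable path, flags any event-log clear, and raises the severity when a log clear follows a suspicious service install on the same host within a one-hour window. The event IDs used (7045 for a service installation in the System log, 1102 for the Security audit log being cleared, 104 for the System log being cleared) are standard Windows IDs; the JSON record layout is an assumption made for the example.

```python
"""Hunt for StilachiRAT-style persistence and anti-forensic traces in
Windows event records. Added example for this article, not Microsoft's
detection logic; the record format below is an assumption."""
import json
from datetime import datetime, timedelta

# Standard Windows event IDs (real values, not page-specific).
SERVICE_INSTALLED = 7045      # System: Service Control Manager installed a service
SECURITY_LOG_CLEARED = 1102   # Security: the audit log was cleared
SYSTEM_LOG_CLEARED = 104      # System: the log file was cleared

# Paths from which a freshly installed service is normally expected to run.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\program files (x86)", "c:\\windows\\")

# Constructed sample telemetry (JSON lines); hosts, users, paths are invented.
SAMPLE_EVENTS = r"""
{"ts": "2025-03-17T09:00:05", "host": "ws01", "channel": "System", "event_id": 7045, "user": "SYSTEM", "service": "UpdateHelperSvc", "image": "C:\\Users\\Public\\svchost.exe"}
{"ts": "2025-03-17T09:02:10", "host": "ws01", "channel": "Security", "event_id": 1102, "user": "alice"}
{"ts": "2025-03-17T10:15:00", "host": "ws02", "channel": "System", "event_id": 7045, "user": "SYSTEM", "service": "VendorAgent", "image": "C:\\Program Files\\Vendor\\agent.exe"}
{"ts": "2025-03-18T11:00:00", "host": "ws03", "channel": "Security", "event_id": 1102, "user": "admin"}
"""


def parse_events(text):
    """Parse JSON-lines event records and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def untrusted_image(path):
    """True when a service binary lives outside the usual install locations."""
    return not path.lower().startswith(TRUSTED_PREFIXES)


def detect(events, window=timedelta(hours=1)):
    """Return a list of alerts; each is a dict with severity, host, ts, reason."""
    alerts = []
    suspicious_installs = {}  # host -> timestamps of suspicious service installs
    for e in events:
        host, eid = e["host"], e["event_id"]
        if eid == SERVICE_INSTALLED and untrusted_image(e.get("image", "")):
            suspicious_installs.setdefault(host, []).append(e["ts"])
            alerts.append({
                "severity": "medium", "host": host, "ts": e["ts"],
                "reason": f"service '{e['service']}' installed from untrusted path {e['image']}",
            })
        elif eid in (SECURITY_LOG_CLEARED, SYSTEM_LOG_CLEARED):
            # A log clear soon after a suspicious service install on the same
            # host matches the persistence-then-cover-tracks pattern.
            recent = [t for t in suspicious_installs.get(host, []) if e["ts"] - t <= window]
            reason = f"{e['channel']} log cleared by {e['user']}"
            if recent:
                reason += " shortly after a suspicious service install"
            alerts.append({
                "severity": "high" if recent else "medium",
                "host": host, "ts": e["ts"], "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{a['severity'].upper()}] {a['host']} {a['ts'].isoformat()} {a['reason']}")
```

On the sample data the script raises three alerts: a medium alert for the service on ws01 running from C:\Users\Public, a high alert for the Security log clear on ws01 two minutes later, and a medium alert for the standalone log clear on ws03; the vendor service on ws02 installed from Program Files is not flagged. In a real deployment the same two signals would be pulled from a SIEM rather than a JSON string, and the trusted-path list would be tuned to the organisation's software inventory.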

Microsoft urges users to stay alert. Organizations should apply security measures to protect their systems. Regular updates and strong authentication can help prevent unauthorized access. Crypto wallet users should ensure their accounts remain secure. The threat landscape is evolving, and vigilance is necessary.

Anny Sam is a professional crypto journalist with over four years of experience, specializing in blockchain development and cryptographic technologies. She has worked as a news reporter on multiple publications, served as a news editor intern at a local magazine, and has been a writer at BTCRead since February 2025. Anny holds a BSc in Mathematics. You can reach out to Anny at anny.sam@btcread.com.