Microsoft identifies new RAT targeting cryptocurrency wallets and more

Summary: Microsoft has discovered a new remote access trojan named StilachiRAT, which utilizes sophisticated evasion techniques to maintain persistence on compromised systems while exfiltrating sensitive data. The malware targets several cryptocurrency wallet extensions and can manipulate system settings and steal credentials. Although the origin of StilachiRAT remains unknown, its capabilities warrant serious attention due to its stealth and extensive data collection functions.

Affected: Cryptocurrency wallet users (especially those using Chrome browser extensions)

Key points:

  • StilachiRAT exfiltrates sensitive data, including configurations from popular cryptocurrency wallets like MetaMask and Coinbase Wallet.
  • The malware can extract and decrypt saved credentials, and it monitors clipboard activity for passwords and cryptocurrency keys.
  • To remain undetected, it deletes system logs and adjusts computer settings before executing commands from its command-and-control server.

Source: https://therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets