Microsoft has reported discovering a new remote access trojan (RAT), named StilachiRAT, that steals saved credentials and cryptocurrency wallet data from Google Chrome.
Discovery of StilachiRAT
The trojan was first identified in November 2024 by Microsoft's Incident Response team. It uses a range of techniques to evade detection and analysis, and it can exfiltrate personal data from the infected machine, including cryptocurrency wallet details and clipboard contents.
Technical Details of the Trojan
StilachiRAT targets over twenty cryptocurrency wallet browser extensions, among them MetaMask, OKX, Coinbase Wallet and Trust Wallet. It steals information in several ways: it reads the DPAPI-protected encryption key that Chrome keeps in its Local State file, uses it to decrypt the credentials saved in the browser's Login Data database, and watches the clipboard for keys and passphrases. It also gathers system information and checks for active RDP sessions using WMI Query Language (WQL). Communication with the C2 server is two-way, so the operator can issue commands to the infected device rather than only receive stolen data.
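The two Chrome artifacts named above are the ones a defender should watch. The following added example (not code from Microsoft's report or from the malware) shows, first, what the stealer obtains from Local State (the DPAPI-wrapped AES key that protects Login Data, here a constructed placeholder rather than a real DPAPI blob), and second, a simple detection over Windows Security event 4663 file-access records: any image other than chrome.exe opening Local State or a profile's Login Data is flagged. The event lines are constructed for the example; the "key=value;" rendering is an assumption about how your collector flattens the event, and the field names match the EventData names of a real 4663 event.

```python
import base64
import json
import re

# --- What the stealer reads from Chrome's Local State ---------------------

DPAPI_PREFIX = b"DPAPI"


def extract_wrapped_key(local_state_json: str) -> bytes:
    """Return the DPAPI-wrapped AES-256 key from a Chrome Local State document.

    Chrome stores it base64-encoded under os_crypt.encrypted_key with a
    5-byte 'DPAPI' prefix. The remainder would be handed to
    CryptUnprotectData on the victim's own account to recover the AES key
    that decrypts 'v10' password blobs in Login Data; that step is
    deliberately not performed here.
    """
    state = json.loads(local_state_json)
    blob = base64.b64decode(state["os_crypt"]["encrypted_key"])
    if not blob.startswith(DPAPI_PREFIX):
        raise ValueError("os_crypt.encrypted_key is not a DPAPI-wrapped key")
    return blob[len(DPAPI_PREFIX):]


# Constructed placeholder: a real DPAPI blob is an opaque structure, not 32 bytes.
CONSTRUCTED_WRAPPED_KEY = bytes(range(32))
SAMPLE_LOCAL_STATE = json.dumps({
    "os_crypt": {
        "encrypted_key": base64.b64encode(DPAPI_PREFIX + CONSTRUCTED_WRAPPED_KEY).decode()
    }
})

# --- Detection: who else is opening those files? -------------------------

# Per-profile Chrome files that only chrome.exe has a reason to read.
SENSITIVE_FILE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\(Local State|[^\\]+\\Login Data)$",
    re.IGNORECASE,
)
ALLOWED_IMAGES = {"chrome.exe"}


def parse_event(line: str) -> dict:
    """Parse one constructed 'Field=value;Field=value;' event line."""
    return dict(kv.split("=", 1) for kv in line.strip().rstrip(";").split(";"))


def suspicious_chrome_file_access(lines):
    """Return (process, object) pairs for 4663 events where a non-Chrome
    process accessed Local State or a Login Data database."""
    hits = []
    for line in lines:
        e = parse_event(line)
        if e.get("EventID") != "4663":
            continue
        image = e["ProcessName"].rsplit("\\", 1)[-1].lower()
        if SENSITIVE_FILE_RE.search(e["ObjectName"]) and image not in ALLOWED_IMAGES:
            hits.append((e["ProcessName"], e["ObjectName"]))
    return hits


# Constructed sample events: one benign Chrome read, one stealer-like read
# from a temp-directory binary, one unrelated file access.
SAMPLE_EVENTS = [
    r"EventID=4663;ProcessName=C:\Program Files\Google\Chrome\Application\chrome.exe;"
    r"ObjectName=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data;AccessMask=0x1",
    r"EventID=4663;ProcessName=C:\Users\alice\AppData\Local\Temp\svc.exe;"
    r"ObjectName=C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State;AccessMask=0x1",
    r"EventID=4663;ProcessName=C:\Windows\explorer.exe;"
    r"ObjectName=C:\Users\alice\Documents\notes.txt;AccessMask=0x1",
]

if __name__ == "__main__":
    print("wrapped key bytes:", extract_wrapped_key(SAMPLE_LOCAL_STATE).hex())
    for proc, obj in suspicious_chrome_file_access(SAMPLE_EVENTS):
        print(f"ALERT non-Chrome process {proc} opened {obj}")
```

Event 4663 is only generated if an audit SACL for ReadData has been set on the profile directory and "Audit File System" object-access auditing is enabled; without that, the same logic can be applied to an EDR's file-read telemetry instead. Expect some legitimate noise from backup agents and browser-sync tools, which belong in the allow-list rather than being dropped from the rule.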
Protection Recommendations
Microsoft noted that it has not yet observed widespread distribution of the trojan. The company recommends running antivirus software together with anti-phishing and anti-malware protections on endpoints. The delivery method has not been identified, but trojans of this kind are typically installed through the usual initial-access routes, such as phishing attachments and trojanized downloads.
Microsoft continues to monitor the threat and is sharing indicators and detection guidance so that users do not become victims. Users should remain vigilant and protect their saved credentials and wallet data accordingly.