Microsoft Identifies StilachiRAT Targeting Crypto Wallets

Generated by AI AgentCoin World
Tuesday, Mar 18, 2025 2:28 am ET

Microsoft has identified a new remote access trojan (RAT) named StilachiRAT, which specifically targets cryptocurrency wallets. This malware is designed to scan for configuration data from 20 different cryptocurrency wallet extensions for the Chrome browser, making it a significant threat to users who store their digital assets in these wallets. The trojan not only steals credentials stored in the browser but also conducts system reconnaissance, mapping out the user's system and exfiltrating sensitive data.

The discovery of StilachiRAT highlights the evolving tactics of cybercriminals, who are increasingly focusing on digital wallets due to the high value of cryptocurrencies. Microsoft's Incident Response researchers found that this RAT demonstrates a high level of sophistication, capable of evading detection and executing complex attacks. The malware's ability to remain undetected while mapping systems and stealing data underscores the need for robust security measures.

Microsoft has advised users to take strong security precautions to protect against StilachiRAT. This includes updating browsers and security software, using strong and unique passwords, and enabling two-factor authentication. Additionally, users are encouraged to be cautious of phishing attempts and to avoid downloading software from untrusted sources. The tech giant's warning serves as a reminder of the importance of vigilance in the face of increasingly sophisticated cyber threats.

StilachiRAT was first discovered by Microsoft’s Incident Response Team in November. The malware can steal information such as credentials stored in the browser, digital wallet information, and data stored in the clipboard. After deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning device settings to see if any of the 20 crypto wallet extensions are installed, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.

Among its other capabilities, the malware can extract credentials saved in the Google Chrome local state file and monitor clipboard activity for sensitive information like passwords and crypto keys. It can also use detection evasion and anti-forensics features, like the ability to clear event logs and check for signs it’s running in a sandbox to block analysis attempts. At the moment, the tech giant says it can’t pinpoint who is behind the malware but hopes that publicly sharing information will lower the number of people who might be snared.
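As an added defender-side example (not from the article or from Microsoft's report), the following Python flags the event-log clearing behaviour mentioned above in exported Windows event records. The record layout and the sample events are constructed; the event IDs used (Security 1102 and System 104 for a cleared log, 4688 for process creation with its command line) are standard Windows audit IDs rather than anything the article states.

```python
"""Flag Windows event-log clearing, the anti-forensics step described above.

Assumptions (not from the article): events are already exported as dicts with
the fields below; Security 1102 and System 104 are the 'log cleared' records,
and 4688 carries the process command line when auditing is configured for it.
"""
import re

LOG_CLEARED = {("Security", 1102), ("System", 104)}
# wevtutil cl/clear-log <channel> is the built-in way to wipe a log
WEVTUTIL_CLEAR = re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.IGNORECASE)


def find_log_clearing(events):
    """Return (reason, event) pairs for records that indicate a wiped log."""
    hits = []
    for ev in events:
        key = (ev.get("channel"), ev.get("event_id"))
        if key in LOG_CLEARED:
            hits.append((f"{key[0]} log cleared by {ev.get('user', '?')}", ev))
        elif ev.get("event_id") == 4688 and WEVTUTIL_CLEAR.search(ev.get("command_line", "")):
            hits.append(("wevtutil clear-log executed", ev))
    return hits


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"channel": "Security", "event_id": 4624, "user": "alice"},
    {"channel": "Security", "event_id": 4688, "user": "alice",
     "command_line": "C:\\Windows\\System32\\wevtutil.exe cl Security"},
    {"channel": "Security", "event_id": 1102, "user": "alice"},
    {"channel": "System", "event_id": 104, "user": "alice"},
    {"channel": "Security", "event_id": 4688, "user": "alice",
     "command_line": "C:\\Windows\\System32\\wevtutil.exe qe System /c:5"},  # benign query
]

if __name__ == "__main__":
    for reason, ev in find_log_clearing(SAMPLE_EVENTS):
        print(f"[ALERT] {reason}: {ev}")
```

A 1102 or 104 record is itself the surviving evidence of a wipe, so forwarding these events to a central collector before the local log can be cleared is what makes the check useful.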

Microsoft suggests that, to avoid falling prey to the malware, users should have antivirus software and cloud-based anti-phishing and anti-malware components on their devices, in addition to the precautions outlined above.
