StilachiRAT mainly targets cryptocurrency wallets, scanning for wallet extensions installed in Google Chrome. The malware can identify at least 20 different wallet extensions, including MetaMask, Trust Wallet, Phantom, Coinbase Wallet, BNB Chain Wallet and Bitget Wallet. Once these wallet extensions are detected, StilachiRAT extracts credentials and configuration details, allowing attackers to drain funds from victims' wallets.
The malware also monitors clipboard activity, searching for cryptocurrency keys or passwords that users may have copied, which is a serious threat to anyone holding digital assets. Beyond stealing data, StilachiRAT also gives attackers the ability to execute remote commands, clear logs, and manipulate system registry settings in order to maintain persistent access to infected devices. It uses anti-forensic techniques to evade security defenses, including detecting analysis tools and delaying execution.
One of the most notable aspects of StilachiRAT is its ability to collect detailed information about infected devices, such as operating system data, hardware identifiers, and running applications. It also monitors Remote Desktop Protocol (RDP) sessions, allowing attackers to impersonate users and potentially move laterally across the network.
Although StilachiRAT has not yet been widely distributed, Microsoft stressed the importance of proactive defense against this growing threat. The company recommends several security measures, such as downloading software only from official sources, enabling real-time protection in Microsoft Defender, turning on cloud-delivered protection, and using SmartScreen to block malicious websites.
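The following script is an added example, not code from Microsoft's report or from this article: it audits the Defender and SmartScreen settings the recommendations above refer to and, with the hypothetical `-Enforce` switch, applies them. It assumes an elevated PowerShell session on a Windows host with Microsoft Defender Antivirus installed and uses only the standard `Get-MpComputerStatus`, `Get-MpPreference` and `Set-MpPreference` cmdlets plus the documented SmartScreen policy registry key.

```powershell
# Added example (not from the Microsoft report or the article).
# Audits real-time protection, cloud-delivered protection and SmartScreen;
# pass -Enforce (assumed name for this script's own switch) to correct them.
param([switch]$Enforce)

$findings = @()

# 1. Real-time protection
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    $findings += "Real-time protection is OFF"
    if ($Enforce) { Set-MpPreference -DisableRealtimeMonitoring $false }
}

# 2. Cloud-delivered protection (MAPS) and automatic sample submission
$pref = Get-MpPreference
if ($pref.MAPSReporting -eq 0) {          # 0 = Disabled, 1 = Basic, 2 = Advanced
    $findings += "Cloud-delivered protection (MAPS) is disabled"
    if ($Enforce) { Set-MpPreference -MAPSReporting Advanced }
}
if ($pref.SubmitSamplesConsent -eq 2) {   # 2 = Never send
    $findings += "Automatic sample submission is set to 'Never send'"
    if ($Enforce) { Set-MpPreference -SubmitSamplesConsent SendSafeSamples }
}

# 3. SmartScreen enforced by policy for Explorer / downloaded files
$ssKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$ss = (Get-ItemProperty -Path $ssKey -Name EnableSmartScreen `
        -ErrorAction SilentlyContinue).EnableSmartScreen
if ($ss -ne 1) {
    $findings += "SmartScreen is not enforced by policy (EnableSmartScreen != 1)"
    if ($Enforce) {
        New-Item -Path $ssKey -Force | Out-Null
        Set-ItemProperty -Path $ssKey -Name EnableSmartScreen -Value 1 -Type DWord
        Set-ItemProperty -Path $ssKey -Name ShellSmartScreenLevel -Value 'Block' -Type String
    }
}

# Report: one line per weak setting found, or a single OK line.
if ($findings.Count -eq 0) {
    "All checked settings match the recommended configuration."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it once without `-Enforce` to see which settings deviate, then again with `-Enforce` to apply the changes; a reboot is not required, but settings managed by Group Policy or Intune may be reverted by the next policy refresh.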