Microsoft has recently warned about a new remote access trojan (RAT) named StilachiRAT, which specifically targets crypto wallets.
This malware is designed to scan for configuration data from 20 different crypto wallet extensions for the Google Chrome browser, posing a significant threat to users who store their digital assets in these wallets.
The targeted extensions include popular ones like Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
The malware can steal credentials stored in the browser, digital wallet information, and data stored in the clipboard. It extracts credentials from Chrome's local state file and monitors clipboard activity for sensitive information like passwords and crypto keys.
StilachiRAT conducts system reconnaissance, gathering extensive system information such as hardware identifiers, camera presence, active Remote Desktop Protocol (RDP) sessions, and running GUI-based applications.
It employs sophisticated detection evasion and anti-forensics techniques, including clearing event logs and detecting sandbox environments to hinder analysis efforts.
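One concrete check a defender can run for the log-clearing behaviour described above is to look for the Windows events that record a log being wiped. This is an added example, not from Microsoft's report; it assumes a Windows host, an elevated PowerShell session (reading the Security log requires it), and a seven-day lookback window.

```powershell
# Added example: hunt for event-log clearing, one of the anti-forensics
# behaviours attributed to StilachiRAT. Not taken from Microsoft's report.
# Assumes an elevated session; the lookback window (7 days) is an assumption.
$filters = @(
    @{ LogName = 'Security'; Id = 1102 },  # "The audit log was cleared"
    @{ LogName = 'System';   Id = 104  }   # "The <name> log file was cleared"
)
$since = (Get-Date).AddDays(-7)

foreach ($f in $filters) {
    $f['StartTime'] = $since
    # SilentlyContinue suppresses the "No events were found" error on clean hosts
    $events = Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        [PSCustomObject]@{
            Time    = $e.TimeCreated
            Log     = $f.LogName
            Id      = $e.Id
            # first line of the message names the cleared log / the clearing account
            Message = ($e.Message -split "`n")[0]
        }
    }
}
```

Any hit outside a known maintenance window warrants a closer look at that host, since legitimate software rarely clears these logs.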
Microsoft advises users to implement robust security measures against StilachiRAT: install and regularly update antivirus software, use cloud-based anti-phishing and anti-malware components, enable two-factor authentication for added security, and be cautious of phishing attempts, avoiding downloads from untrusted sources.
At present, Microsoft has not identified the perpetrators behind StilachiRAT, but by publicly sharing information, they aim to reduce the number of potential victims.
It's me, @justmythoughts, an ordinary Hive user looking to make the most of the platform. I would appreciate your support. Follow me for more. Thanks, Gracias :)
Posted Using INLEO