Today this is Microsoft Windows only, via WWStartupCtrl64.dll

The chrome extension identifiers are for wallets, obviously. Developer mode helps you see it.

Wonder which nation state is behind StilachiRAT...

Overall, a good read:

Today this is Microsoft Windows only, via WWStartupCtrl64.dll

The chrome extension identifiers are for wallets, obviously. Developer mode helps you see it.

Wonder which nation state is behind StilachiRAT...

Overall, a good read:

https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/