Clinton Chidera
@dapplab
Microsoft has identified a new remote access trojan (RAT) named StilachiRAT, which specifically targets cryptocurrency wallet extensions within the Google Chrome browser.

Targeted Wallet Extensions:
StilachiRAT scans for configuration data from 20 different cryptocurrency wallet extensions, including:
- MetaMask
- Coinbase Wallet
- Trust Wallet
- OKX Wallet
- Bitget Wallet
- Phantom
- TronLink
- TokenPocket
- BNB Chain Wallet
- Sui Wallet
- Braavos - Starknet Wallet
- Leap Cosmos Wallet
- Manta Wallet
- Keplr
- Compass Wallet for Sei
- Math Wallet
- Fractal Wallet
- Station Wallet
- ConfluxPortal
- Plug

Malware Capabilities:
First detected in November 2024, this malware exhibits advanced evasion techniques, enabling it to steal sensitive user data, including credentials and cryptocurrency keys.
- Collect system data, including hardware identifiers and active applications.
- Monitor Remote Desktop Protocol (RDP) sessions, potentially allowing attackers to impersonate users.
- Execute remote commands, clear logs, and manipulate registry settings to maintain persistent access.

Recommendation:

Implications:
The emergence of StilachiRAT underscores the evolving tactics of cybercriminals targeting the cryptocurrency sector. Users relying on browser-based wallet extensions are particularly vulnerable, as the malware's sophisticated evasion techniques make detection challenging. The ability to monitor clipboard activity and extract saved credentials poses significant risks, potentially leading to unauthorized access and theft of digital assets.

To mitigate the threat posed by StilachiRAT:
- Download software only from official and trusted sources.
- Use reputable antivirus and anti-malware solutions with real-time protection.
- Enable cloud-delivered security features and browser protections like Microsoft Defender and SmartScreen.
- Regularly update all software, including browsers and wallet extensions, to patch known vulnerabilities.