BleepingComputer reports that advanced data exfiltration, persistence, and detection bypass capabilities have been integrated into the newly emergent StilachiRAT malware, which could become a significant cybersecurity threat even if it has not been widely distributed yet.
Aside from gathering system information, including active Remote Desktop Protocol sessions and hardware details, for reconnaissance, StilachiRAT also facilitates the theft of cryptocurrency assets and keys from 20 different wallet extensions, as well as browser-stored credentials, an analysis from Microsoft Incident Response researchers showed.
The remote access trojan also leverages the Windows Service Control Manager for persistence and tracks active RDP sessions to facilitate lateral movement after compromise.
StilachiRAT was also found to incorporate event log clearing, sandbox detection, and other anti-analysis features, along with SOCKS-like proxying and commands that enable application execution, credential theft, system window manipulation, and system reboots.
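Two of the behaviours named above, service-based persistence and event log clearing, leave traces in standard Windows event channels that defenders can hunt for. The following is an added illustration, not code from Microsoft's analysis or the BleepingComputer report; it runs over constructed event records (not real telemetry) and uses a hypothetical, illustrative allowlist of service binary directories.

```python
"""Hunt exported Windows event records for two StilachiRAT-style behaviours:
service installation for persistence (System 7045) and event log clearing
(Security 1102 / System 104). Event IDs are standard Windows IDs."""
from dataclasses import dataclass


@dataclass
class WinEvent:
    channel: str
    event_id: int
    message: str


# Constructed sample records in the shape an EVTX export might yield (not real telemetry).
SAMPLE_EVENTS = [
    WinEvent("System", 7045, "A service was installed in the system. Service Name: WWAN AutoConfig Service. "
                             "Service File Name: C:\\Users\\Public\\svchost.exe"),
    WinEvent("System", 7045, "A service was installed in the system. Service Name: Sysmon64. "
                             "Service File Name: C:\\Windows\\Sysmon64.exe"),
    WinEvent("Security", 1102, "The audit log was cleared. Subject: DESKTOP-01\\alice"),
    WinEvent("System", 104, "The System log file was cleared."),
    WinEvent("Security", 4624, "An account was successfully logged on."),
]

LOG_CLEARED = {("Security", 1102), ("System", 104)}
# Illustrative allowlist (assumption): service binaries outside these directories get flagged.
TRUSTED_SERVICE_DIRS = ("c:\\windows\\", "c:\\program files\\")


def service_path(message: str) -> str:
    """Extract the binary path from a 7045 'service installed' message."""
    marker = "Service File Name: "
    idx = message.find(marker)
    return message[idx + len(marker):].strip() if idx >= 0 else ""


def classify(event: WinEvent):
    """Return a finding label for a suspicious record, or None."""
    if (event.channel, event.event_id) in LOG_CLEARED:
        return "event-log-cleared"
    if event.channel == "System" and event.event_id == 7045:
        path = service_path(event.message).strip('"').lower()
        if not path.startswith(TRUSTED_SERVICE_DIRS):
            return "service-from-untrusted-path"
    return None


def hunt(events):
    """Return (event_id, label) pairs for every record that matches a hunt rule."""
    return [(e.event_id, label) for e in events if (label := classify(e))]
```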
Organizations have been urged to mitigate the risk brought by StilachiRAT by downloading software only from legitimate sources and implementing robust security solutions.