
Novel sophisticated StilachiRAT malware emerges


BleepingComputer reports that the newly discovered StilachiRAT malware combines advanced data exfiltration, persistence, and detection-evasion capabilities, and could become a significant cybersecurity threat even though it has not yet been widely distributed.

Beyond gathering system information for reconnaissance, including hardware details and active Remote Desktop Protocol (RDP) sessions, StilachiRAT steals cryptocurrency assets and keys from 20 different wallet browser extensions, as well as browser-stored credentials, according to an analysis by Microsoft Incident Response researchers.

The remote access trojan uses the Windows service control manager to establish persistence, and tracks active RDP sessions to support lateral movement after the initial compromise.

StilachiRAT also carries anti-analysis features such as event log clearing and sandbox detection, and accepts commands that enable application execution, credential theft, system window manipulation, system reboots, and SOCKS-like proxying.

Organizations have been urged to mitigate the risk brought by StilachiRAT by downloading software only from legitimate sources and implementing robust security solutions.
