Microsoft Warns of New Malware StilachiRAT Targeting Credentials and Crypto Wallets

By Titiksha Srivastav - Assistant Editor

Microsoft has raised concerns over a newly discovered remote access trojan (RAT) named StilachiRAT, which is designed to evade detection while stealing sensitive user data. The malware, first detected in November 2024, has been found lurking in a DLL module called “WWStartupCtrl64.dll.”

While Microsoft has not attributed StilachiRAT to any specific cybercriminal group or nation-state, the company warns that its stealthy and sophisticated techniques make it a significant cybersecurity threat.

What Makes StilachiRAT Dangerous?

According to Microsoft Incident Response, StilachiRAT is designed to steal a wide range of data, including:

Login credentials stored in browsers
Cryptocurrency wallet information
Clipboard data, including copied passwords
Operating system details and hardware identifiers

The malware also conducts extensive system surveillance, monitoring active Remote Desktop Protocol (RDP) sessions, camera availability, and even running applications. All of this data is gathered through Windows Management Instrumentation (WMI) queries to remain undetected by traditional security tools.


Cybercriminals Targeting Crypto Wallets

One of the most concerning aspects of StilachiRAT is its targeting of cryptocurrency wallets. The malware is programmed to scan for and extract data from popular crypto wallet extensions in Google Chrome, including:

MetaMask
Trust Wallet
Coinbase Wallet
Phantom Wallet
BNB Chain Wallet
OKX Wallet
And many more

With the rise of digital assets, this attack vector poses a major threat to individual and corporate investors. Once infected, a victim’s stored credentials and wallet details can be exfiltrated to remote command-and-control (C2) servers, potentially leading to financial losses.

How StilachiRAT Operates

StilachiRAT does more than just steal data—it can execute remote commands sent from a hacker-controlled server. Microsoft has identified at least 10 commands that allow attackers to:

Clear system logs to erase traces of infection
Shut down systems using hidden Windows API calls
Establish or terminate network connections
Launch applications remotely
Search for specific windows open on a desktop
Steal passwords from Google Chrome

The malware also checks for forensic tools and virtual environments, ensuring it does not activate under analysis. This makes it particularly difficult for security researchers to track.

A Growing Cybersecurity Threat Landscape

StilachiRAT is not the only concern. Microsoft’s warning comes alongside a report from Palo Alto Networks’ Unit 42, which has uncovered other sophisticated malware samples, including:

A hidden IIS backdoor that can execute commands secretly via HTTP requests.
A dangerous bootkit that manipulates system firmware using a signed Windows driver.
A Windows implant of ProjectGeass, a cross-platform hacking tool used for cyber espionage.

Among these, an unusual bootkit caught researchers’ attention—after installation, it plays the song “Dixie” through the PC speaker upon reboot. While this could be a cyber prank, security experts warn that such vulnerabilities could be weaponized for serious attacks.

How to Protect Yourself from StilachiRAT

With the rise of sophisticated cyber threats like StilachiRAT, Microsoft urges organizations and individuals to take proactive measures:

Keep software and security patches updated
Use endpoint detection solutions to monitor unusual activity
Enable multi-factor authentication (MFA) for all accounts
Regularly scan event logs for unauthorized deletions
Avoid downloading unverified applications or clicking unknown links
Secure cryptocurrency holdings with hardware wallets instead of browser extensions
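One concrete way to act on the "scan event logs for unauthorized deletions" advice, given that the article notes StilachiRAT can clear system logs, is to look for the records Windows writes when a log is cleared. The following PowerShell is an added example and is not from Microsoft's report or this article; it assumes an administrator session (the Security log is not readable otherwise) and relies on two well-known event IDs: 1102 in the Security log ("The audit log was cleared") and 104 in the System log (another event log was cleared). The function name Get-LogClearEvents and the default look-back window are this example's own choices.

```powershell
# Added example: list event-log clearing records from the last N days.
# Assumptions: Windows PowerShell 5.1 or PowerShell 7, run as an administrator.
# Security event 1102 = audit log cleared; System event 104 = an event log was cleared.
function Get-LogClearEvents {
    param(
        [int]$Days = 7
    )
    $since = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System';   Id = 104;  StartTime = $since }
    )
    foreach ($f in $filters) {
        # Get-WinEvent raises a terminating error when no record matches, so suppress it;
        # an empty result simply means no clearing event in the window.
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Log         = $f.LogName
                    Id          = $_.Id
                    UserSid     = $_.UserId          # SID of the account that cleared the log
                    Summary     = ($_.Message -split "`r?`n")[0]
                }
            }
    }
}

# Usage: review the last 30 days, oldest first.
Get-LogClearEvents -Days 30 | Sort-Object TimeCreated | Format-Table -AutoSize
```

A clearing event on a workstation that has no scheduled log-rotation job is worth investigating on its own; forwarding these two event IDs to a central collector is also sensible, since a log cleared on the endpoint cannot be consulted afterwards locally.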

As cybercriminals develop more advanced and undetectable malware, vigilance is key. Microsoft continues to investigate StilachiRAT and advises businesses and individuals to stay ahead of potential security risks.

Cybersecurity threats are constantly evolving—staying informed and prepared is the best defense against these digital dangers.
