Microsoft has raised concerns over a newly discovered remote access trojan (RAT) named StilachiRAT, which is built to evade detection while stealing sensitive user data. The malware, first detected in November 2024, was found in a DLL module called “WWStartupCtrl64.dll” that carries the RAT's capabilities.
While Microsoft has not attributed StilachiRAT to any specific cybercriminal group or nation-state, the company warns that its stealthy and sophisticated techniques make it a significant cybersecurity threat.
What Makes StilachiRAT Dangerous?
According to Microsoft Incident Response, StilachiRAT is designed to steal a wide range of data, including:
The malware also conducts extensive reconnaissance of the host: it monitors active Remote Desktop Protocol (RDP) sessions, checks whether a camera is present, and inventories running applications. It collects this system information through Windows Management Instrumentation (WMI) queries, a built-in administrative interface whose use blends in with legitimate activity and draws little attention from traditional security tools.
Cybercriminals Targeting Crypto Wallets
One of the most concerning aspects of StilachiRAT is its targeting of cryptocurrency wallets. The malware scans the Google Chrome profile for popular crypto wallet extensions and extracts their stored data, including:
With the rise of digital assets, this attack vector poses a major threat to individual and corporate investors. Once a machine is infected, the victim's stored credentials and wallet details can be exfiltrated to the attackers' command-and-control (C2) servers, potentially leading to direct financial loss.
How StilachiRAT Operates
StilachiRAT does more than steal data: it also executes commands sent from an attacker-controlled command-and-control server. Microsoft has identified at least 10 commands that allow attackers to:
The malware also checks for analysis tools and for signs of a virtual or sandbox environment, and holds back its behaviour when it believes it is being observed. This makes it harder for researchers to analyse and for automated sandboxes to classify.
A Growing Cybersecurity Threat Landscape
StilachiRAT is not the only concern. Microsoft’s warning comes alongside a report from Palo Alto Networks’ Unit 42, which has uncovered other sophisticated malware samples, including:
Among these, an unusual bootkit caught researchers' attention: after installation, it plays the song “Dixie” through the PC speaker on reboot. While this could be a prank, security experts warn that the same boot-level persistence could be weaponised for serious attacks.
How to Protect Yourself from StilachiRAT
With the rise of sophisticated cyber threats like StilachiRAT, Microsoft urges organizations and individuals to take proactive measures:
As cybercriminals develop more advanced and harder-to-detect malware, vigilance is key. Microsoft continues to investigate StilachiRAT and advises businesses and individuals to stay ahead of potential security risks.
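The DLL name given at the top of this article is the one concrete indicator the page provides. As an added example, not code from Microsoft's report or from any security product, the Python below sweeps Sysmon-style image-load (Event ID 7) and file-create (Event ID 11) events for that module name, matching on the exact file name rather than a substring so that look-alike names do not trigger it. The events, host names, file paths and the rundll32 loader in the sample are constructed for the example; the page does not say how the DLL is launched.

```python
"""Hunt Sysmon telemetry for the StilachiRAT module named in Microsoft's report.

Added example with constructed sample events; not Microsoft's detection logic.
"""
import json
import re
from typing import Iterable, List, Optional

# The DLL module named in Microsoft's report.
STILACHI_MODULE = "WWStartupCtrl64.dll"

# Sysmon event IDs used here: 7 = Image loaded, 11 = File created.
IMAGE_LOADED = 7
FILE_CREATED = 11

# Match only when the final path component is the module name (case-insensitive),
# so "NotWWStartupCtrl64.dll" is not a hit.
_MODULE_RE = re.compile(r"(?:^|[\\/])" + re.escape(STILACHI_MODULE) + r"$", re.IGNORECASE)


def _basename_matches(path: str) -> bool:
    """True when the last path component is the StilachiRAT DLL name."""
    return bool(_MODULE_RE.search(path or ""))


def flag_event(event: dict) -> Optional[dict]:
    """Return a finding if the Sysmon event references the module, else None."""
    eid = event.get("EventID")
    if eid == IMAGE_LOADED and _basename_matches(event.get("ImageLoaded", "")):
        return {
            "rule": "stilachirat_module_loaded",
            "host": event.get("Computer"),
            "process": event.get("Image"),
            "path": event.get("ImageLoaded"),
            "signed": event.get("Signed"),
        }
    if eid == FILE_CREATED and _basename_matches(event.get("TargetFilename", "")):
        return {
            "rule": "stilachirat_module_written",
            "host": event.get("Computer"),
            "process": event.get("Image"),
            "path": event.get("TargetFilename"),
        }
    return None


def scan(events: Iterable[dict]) -> List[dict]:
    """Run flag_event over a stream of events and keep the hits, in order."""
    return [f for f in (flag_event(e) for e in events) if f]


def load_events(jsonl: str) -> List[dict]:
    """Parse JSON-lines text (one Sysmon event per line) into dicts."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


# Constructed sample events in JSON-lines form (the shape a Sysmon forwarder
# produces). Hosts, paths and the rundll32 loader are made up for the example.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Computer": "ws01", "Image": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"}
{"EventID": 11, "Computer": "ws01", "Image": "C:\\Users\\alice\\Downloads\\setup.exe", "TargetFilename": "C:\\ProgramData\\WWStartupCtrl64.dll"}
{"EventID": 7, "Computer": "ws01", "Image": "C:\\Windows\\System32\\rundll32.exe", "ImageLoaded": "C:\\ProgramData\\wwstartupctrl64.dll", "Signed": "false"}
{"EventID": 7, "Computer": "ws02", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll", "Signed": "true"}
{"EventID": 7, "Computer": "ws02", "Image": "C:\\Temp\\a.exe", "ImageLoaded": "C:\\Temp\\NotWWStartupCtrl64.dll", "Signed": "false"}
"""


def findings_for_sample() -> List[dict]:
    """Scan the constructed sample; expect the file write and the load on ws01."""
    return scan(load_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for finding in findings_for_sample():
        print(json.dumps(finding))
```

A file name is a weak indicator: the operator can rename the module at any time, so treat a hit as a trigger for triage rather than proof of absence when it is silent. Pair it with the behavioural signals described above (WMI reconnaissance, RDP session enumeration, and a non-browser process reading Chrome extension storage) and with the hashes and network indicators from the vendor report.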
Cybersecurity threats are constantly evolving—staying informed and prepared is the best defense against these digital dangers.