What is StilachiRAT malware?
In November 2024, Microsoft Incident Response researchers uncovered a remote access Trojan (RAT) called StilachiRAT. This discovery highlights the evolving nature of cyber threats, with the malware combining multiple malicious functions into a single tool for maximum impact.
Designed to evade detection and exfiltrate sensitive data, StilachiRAT steals credentials and extracts and decrypts usernames and passwords stored in Google Chrome. It performs extensive system reconnaissance, collecting details such as operating system information, BIOS (Basic Input/Output System) serial numbers, camera presence and active remote desktop protocol (RDP) sessions.
With a focus on stealing cryptocurrencies, StilachiRAT scans for up to 20 crypto wallet extensions within Chrome, including those from Coinbase, Fractal, Phantom, Manta and Bitget. It also monitors clipboard activity and running applications, specifically looking for sensitive information like passwords and private keys.
Although Microsoft has yet to attribute StilachiRAT to a specific