By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: A Stealthy RAT Targeting Credentials and Crypto Wallets
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > A Stealthy RAT Targeting Credentials and Crypto Wallets
Tech News

A Stealthy RAT Targeting Credentials and Crypto Wallets

By Viral Trending Content 5 Min Read
Share
SHARE
StilachiRAT Targeting Credentials and Crypto Wallets

Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data.

The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information,” the Microsoft Incident Response team said in an analysis.

The tech giant said it discovered StilachiRAT in November 2024, with its RAT features present in a DLL module named “WWStartupCtrl64.dll.” The malware has not been attributed to any specific threat actor or country.

It’s currently not clear how the malware is delivered to targets, but Microsoft noted that such trojans can be installed via various initial access routes, making it crucial for organizations to implement adequate security measures.

Cybersecurity

StilachiRAT is designed to gather extensive system information, including operating system (OS) details, hardware identifiers like BIOS serial numbers, camera presence, active Remote Desktop Protocol (RDP) sessions, and running graphical user interface (GUI) applications.

These details are collected through the Component Object Model (COM) Web-based Enterprise Management (WBEM) interfaces using WMI Query Language (WQL).

It’s also engineered to target a list of cryptocurrency wallet extensions installed within the Google Chrome web browser. The list encompasses Bitget Wallet, Trust Wallet, TronLink, MetaMask, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, Braavos – Starknet Wallet, Coinbase Wallet, Leap Cosmos Wallet, Manta Wallet, Keplr, Phantom, Compass Wallet for Sei, Math Wallet, Fractal Wallet, Station Wallet, ConfluxPortal, and Plug.

Furthermore, StilachiRAT extracts credentials stored in the Chrome browser, periodically collects clipboard content such as passwords and cryptocurrency wallets, monitors RDP sessions by capturing foreground window information, and establishes contact with a remote server to exfiltrate the harvested data.

The command-and-control (C2) server communications are two-way, allowing the malware to launch instructions sent by it. The features point to a versatile tool for both espionage and system manipulation. As many as 10 different commands are supported –

  • 07 – Display a dialog box with rendered HTML contents from a supplied URL
  • 08 – Clear event log entries
  • 09 – Enable system shutdown using an undocumented Windows API (“ntdll.dll!NtShutdownSystem”)
  • 13 – Receive a network address from the C2 server and establish a new outbound connection.
  • 14 – Accept an incoming network connection on the supplied TCP port
  • 15 – Terminate open network connections
  • 16 – Launch a specified application
  • 19 – Enumerate all open windows of the current desktop to search for a requested title bar text
  • 26 – Put the system into either a suspended (sleep) state or hibernation
  • 30 – Steal Google Chrome passwords

“StilachiRAT displays anti-forensic behavior by clearing event logs and checking certain system conditions to evade detection,” Microsoft said. “This includes looping checks for analysis tools and sandbox timers that prevent its full activation in virtual environments commonly used for malware analysis.”

Cybersecurity

The disclosure comes as Palo Alto Networks Unit 42 detailed three unusual malware samples that it detected last year, counting a passive Internet Information Services (IIS) backdoor developed in C++/CLI, a bootkit that uses an unsecured kernel driver to install a GRUB 2 bootloader, and a Windows implant of a cross-platform post-exploitation framework developed in C++ called ProjectGeass.

The IIS backdoor is equipped to parse certain incoming HTTP requests containing a predefined header and execute the commands within them, granting it the ability to run commands, get system metadata, create new processes, execute PowerShell code, and inject shellcode into a running or new process.

The bootkit, on the other hand, is a 64-bit DLL that installs a GRUB 2 bootloader disk image by means of a legitimately signed kernel driver named ampa.sys. It’s assessed to be a proof-of-concept (PoC) created by unknown parties from the University of Mississippi.

“When rebooted, the GRUB 2 bootloader shows an image and periodically plays Dixie through the PC speaker. This behavior could indicate that the malware is an offensive prank,” Unit 42 researcher Dominik Reichel said. “Notably, patching a system with this customized GRUB 2 bootloader image of the malware only works on certain disk configurations.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

You Might Also Like

Top 3 leadership myths debunked

Adds Device Fingerprinting, PNG Steganography Payloads

Your Delivery Robot Is Here

Samsung Galaxy Tab S11 Review: It’s Time For Something New

How the World’s Largest 3D Object Library By Microsoft & NVIDIA

TAGGED: Credential Theft, Crypto Security, Cyber Security, Cybersecurity, Data Exfiltration, Incident response, Internet, Malware, Microsoft, Remote Access Trojan, Threat Intelligence, windows security
Share This Article
Facebook Twitter Copy Link
Previous Article Just released: March’s higher-risk, high-reward stock recommendation [PREMIUM PICKS]
Next Article Colorado bill would remake federal program that subsidizes hospitals in bid to lower patients’ costs
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
Celebrity
Ghost of Yōtei’s Open World is a Cut Above Its Competition
Gaming News
The best guns in the Black Ops 7 beta in early access
Gaming News
6-story office building to be converted into housing in Denver’s Capitol Hill
Business
Could Trump’s $2,000 tariff rebates for Americans stimulate an altcoin surge?
Crypto
Hegseth announces latest strike on boat near Venezuela he says was trafficking drugs
World News
Top 3 leadership myths debunked
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?