Malware News Microsoft warns of new remote access trojan targeting crypto wallets

Shadowra

Level 38
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,754
Microsoft’s Incident Response Team says bad actors could use StilachiRAT to steal credentials stored in the Google Chrome browser.

Tech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.

Microsoft’s Incident Response Team said in a March 17 blog post that it first discovered the malware StilachiRAT last November and found it can steal information such as credentials stored in the browser, digital wallet information and data stored in the clipboard.

After deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning device settings to see if any of the 20 crypto wallet extensions are installed, including Coinbase Wallet, Trust Wallet, MetaMask and OKX Wallet.
“Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system,” Microsoft said.

Among its other capabilities, the malware can extract credentials saved in the Google Chrome local state file and monitor clipboard activity for sensitive information like passwords and crypto keys.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top