
Chrome: A new virus seeks to steal your passwords and your cryptos


Microsoft has discovered traces of new malware. Called StilachiRAT, the virus is a Trojan horse, meaning malicious software that masquerades as a legitimate program to deceive users. It is equipped with a remote access module, which is why Microsoft describes it as a RAT (Remote Access Trojan): a Trojan horse that lets hackers take control of a system remotely. The virus exclusively targets Windows PC users of Google Chrome, which remains the most widely used web browser in the world.

Private keys, passwords... the virus takes over everything

Once in the system, the virus uses "various methods" to steal all available information. It particularly targets "credentials stored in the browser", such as passwords, and private keys linked to cryptocurrency wallets. These keys can be used to access a wallet containing digital assets.

With these keys, cybercriminals can help themselves to your cryptocurrencies with impunity. The funds can be sent to other blockchain addresses held by the hackers. The malware primarily attacks popular crypto wallets like Coinbase Wallet, Phantom, Trust Wallet, MetaMask, OKX Wallet, and Bitget Wallet. More precisely, it mainly targets the Chrome extensions for these wallets.

In the process, StilachiRAT siphons data stored in the clipboard and information about the infected system. It also monitors active Remote Desktop (RDP) sessions in order to attack other computers connected to the network. The virus is capable of suspending the system and restarting the computer it has infected. Finally, the malware has various tools to cover its tracks. In particular, it can erase event logs and block scan attempts launched by an antivirus.

To penetrate its targets' computers, StilachiRAT disguises itself as legitimate software accessible on the Internet. This is why Microsoft strongly recommends that all Internet users only download software from official sources. At this time, Microsoft researchers have not been able to attribute the cyberattack to a specific cybercriminal group.

Source: Microsoft
