PANews reported on March 18 that, according to Cointelegraph, technology giant Microsoft has discovered a new remote access Trojan (RAT) that specifically targets 20 cryptocurrency wallet extensions in the Google Chrome browser to steal crypto assets. The Microsoft Incident Response Team revealed in a blog post on March 17 that they first detected the malware, called StilachiRAT, in November last year. The software is capable of stealing credentials, digital wallet information, and clipboard data stored in the browser. After deployment, attackers can use StilachiRAT to scan the configuration information of 20 cryptocurrency wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, to steal encrypted wallet data.

Microsoft's analysis states: "Research of StilachiRAT's WWStartupCtrl64.dll module, which contains RAT functionality, shows that it uses a variety of means to steal information from the target system." Among other capabilities, the malware can extract credentials saved in Google Chrome's local state file and monitor clipboard activity for sensitive information such as passwords and encryption keys. It also has detection evasion and anti-forensic capabilities, such as clearing event logs and checking whether it is running in a sandbox to thwart analysis attempts.

Microsoft is currently unable to identify the actor behind the malware, but hopes to reduce the number of potential victims by publicly sharing information. Microsoft recommends that users take steps to avoid becoming victims of malware, including installing antivirus software and cloud-based anti-phishing and anti-malware components on their devices.