
Microsoft warns new remote access Trojans for crypto wallets


Reprinted from panewslab

03/18/2025·3M

PANews March 18 news, citing Cointelegraph: tech giant Microsoft has discovered a new remote access Trojan (RAT) that targets 20 cryptocurrency wallet extensions for Google Chrome in order to steal crypto assets. The Microsoft Incident Response Team revealed in a March 17 blog post that it first detected the malware, named StilachiRAT, last November. The malware can steal credentials stored in the browser, digital wallet information, and clipboard data. Once deployed, attackers can use StilachiRAT to scan the configuration data of 20 cryptocurrency wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, in order to steal wallet data.

Microsoft's analysis noted: "Research on the WWStartupCtrl64.dll module of StilachiRAT, which contains RAT functionality, shows that it uses multiple means to steal information from the target system." Among other capabilities, the malware can extract credentials saved in Google Chrome's "Local State" file and monitor clipboard activity for sensitive information such as passwords and encryption keys. It also has detection-evasion and anti-forensics capabilities, such as clearing event logs and checking whether it is running in a sandbox to thwart analysis.
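The three behaviours the article attributes to the malware (reading Chrome's "Local State" file, touching wallet extension storage, and clearing event logs) are the kind of thing a defender can turn into endpoint detection rules. The following is an added example written for this page; it is not Microsoft's analysis tooling and not code from the malware. The event schema (dicts with `kind`, `process`, `path`, `event_id`) and the browser allow-list are assumptions made for the example; the Chrome paths and the Windows event IDs 1102 (Security, audit log cleared) and 104 (System, log file cleared) are real, and the sample telemetry is constructed.

```python
"""Added example: behavioural rules over constructed endpoint telemetry.
Not Microsoft's code and not StilachiRAT code. The event schema is an
assumption for this example, not any vendor's log format."""
import re
from collections import defaultdict

# Processes expected to read Chrome profile data. Assumption: tune per fleet.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe"}

# Real Windows event IDs: Security 1102 "the audit log was cleared",
# System 104 (Microsoft-Windows-Eventlog) "the log file was cleared".
LOG_CLEARED_IDS = {1102, 104}

# Chrome's "Local State" file (holds the DPAPI-protected key that guards saved
# credentials) and the per-extension storage directory under each profile.
LOCAL_STATE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\Local State$", re.IGNORECASE)
EXT_STORAGE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\Local Extension Settings\\",
    re.IGNORECASE)


def match_rules(event):
    """Return the names of the rules one event triggers (possibly none)."""
    hits = []
    kind = event.get("kind")
    proc = (event.get("process") or "").lower()
    if kind == "file_read" and proc not in BROWSER_PROCESSES:
        path = event.get("path", "")
        if LOCAL_STATE_RE.search(path):
            hits.append("chrome_local_state_read")
        if EXT_STORAGE_RE.search(path):
            hits.append("extension_storage_read")
    elif kind == "winevent" and event.get("event_id") in LOG_CLEARED_IDS:
        hits.append("event_log_cleared")
    return hits


def detect(events):
    """Group rule hits per process. A process tripping two or more distinct
    rules is reported as high severity, a single rule as low."""
    per_proc = defaultdict(set)
    for ev in events:
        for rule in match_rules(ev):
            per_proc[ev.get("process", "?")].add(rule)
    return {
        proc: {"rules": sorted(rules),
               "severity": "high" if len(rules) >= 2 else "low"}
        for proc, rules in per_proc.items()
    }


# Constructed sample telemetry (not real logs). The process name
# "unknown_updater.exe" and the extension ID placeholder are made up.
PROFILE = r"C:\Users\u\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    {"kind": "file_read", "process": "chrome.exe",
     "path": PROFILE + r"\Local State"},                       # benign
    {"kind": "file_read", "process": "unknown_updater.exe",
     "path": PROFILE + r"\Local State"},                       # suspicious
    {"kind": "file_read", "process": "unknown_updater.exe",
     "path": PROFILE + r"\Default\Local Extension Settings"
                       r"\EXTENSION_ID_PLACEHOLDER\000003.log"},
    {"kind": "winevent", "process": "unknown_updater.exe", "event_id": 1102},
    {"kind": "winevent", "process": "wevtutil.exe", "event_id": 104},
]

if __name__ == "__main__":
    for proc, info in detect(SAMPLE_EVENTS).items():
        print(proc, info)
```

Running the block reports `unknown_updater.exe` as high severity (all three rules) and `wevtutil.exe` as low (log cleared only); the browser's own read of "Local State" produces no alert. In practice the allow-list and the severity threshold are the tuning knobs, and the log-cleared events come from the Windows event log rather than from the process that issued them, so the correlation by process name is a simplification of this example.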

Microsoft has not yet been able to identify the actor behind the malware, but hopes that sharing the information publicly will reduce the number of potential victims. Microsoft recommends that users take steps to avoid becoming victims, including installing antivirus software and enabling cloud-based anti-phishing and anti-malware components on their devices.
