🖥 New Trojan Can Spy, Steal Cryptocurrency, and Disguise Itself to Avoid Detection

chushpan

👉 A new remote access Trojan (RAT) for Windows, dubbed StilachiRAT, uses sophisticated techniques to avoid detection and can perform tasks ranging from reconnaissance to cryptocurrency theft.

📰 StilachiRAT, which has not yet been widely distributed and is not attributed to any known cybercriminal group, also uses watchdog threads to ensure self-repair if removed, according to a study by Microsoft Incident Response.

🗞 When analyzing the Trojan, researchers found that it collects extensive system information, including operating system details, device identifiers, BIOS serial numbers, and the presence of cameras.

📰 It also attacks 20 cryptocurrency wallet extensions for the Google Chrome browser, including MetaMask, Coinbase Wallet, Phantom, Keplr, and Trust.

👩‍💻 Microsoft says the malware communicates with two command-and-control (C2) servers and establishes communication channels via randomly selected TCP ports 53, 443, or 16000.

💻 StilachiRAT checks whether tcpview.exe is running on the system and, if so, stops it from running to avoid detection.

📌 According to Microsoft, the Trojan also monitors Remote Desktop Protocol sessions, intercepting information about foreground windows and duplicating security tokens to impersonate the user.
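The behaviours listed above (C2 over TCP 53/443/16000, killing tcpview.exe, and going after Chrome wallet extensions) can be turned into simple host-telemetry triage rules. The script below is an added example, not code from the post or from Microsoft; the event format, the allow-lists of legitimate DNS and browser processes, and the sample events are all constructed assumptions, and the "non-browser process reading Chrome extension data" rule is a generalisation of the wallet-extension point rather than something the post states.

```python
"""Triage constructed endpoint events against the StilachiRAT behaviours in the post."""

# Indicators taken from the post.
C2_PORTS = {53, 443, 16000}
KILLED_TOOL = "tcpview.exe"

# Assumed allow-lists: processes that legitimately use TCP/53 or TCP/443.
DNS_PROCESSES = {"svchost.exe", "dns.exe"}
BROWSERS = {"chrome.exe", "msedge.exe"}
PROCESS_TERMINATE = 0x0001  # Windows process access right (real value)


def triage(event):
    """Return alert strings for one event; an empty list means nothing matched."""
    kind, image = event["type"], event["image"].lower()
    alerts = []
    if kind == "network" and event["dst_port"] in C2_PORTS:
        port = event["dst_port"]
        if port == 16000:
            alerts.append(f"{image}: outbound TCP/16000 (no common service)")
        elif port == 53 and image not in DNS_PROCESSES:
            alerts.append(f"{image}: TCP/53 from a non-DNS process")
        elif port == 443 and image not in BROWSERS and not event.get("signed"):
            alerts.append(f"{image}: unsigned non-browser process using TCP/443")
    elif (kind == "process_access" and event["target"].lower() == KILLED_TOOL
          and event["access_mask"] & PROCESS_TERMINATE):
        alerts.append(f"{image}: requested PROCESS_TERMINATE on {KILLED_TOOL}")
    elif (kind == "file_read" and "\\Extensions\\" in event["path"]
          and image not in BROWSERS):
        alerts.append(f"{image}: non-browser read of Chrome extension data")
    return alerts


def triage_all(events):
    """Flatten the alerts produced for a sequence of events."""
    return [alert for event in events for alert in triage(event)]


# Constructed sample telemetry, not real logs: one benign DNS lookup, one benign
# browser connection, and three actions by a hypothetical "updater.exe".
SAMPLE_EVENTS = [
    {"type": "network", "image": "svchost.exe", "dst_port": 53},
    {"type": "network", "image": "chrome.exe", "dst_port": 443, "signed": True},
    {"type": "network", "image": "updater.exe", "dst_port": 16000},
    {"type": "process_access", "image": "updater.exe", "target": "TcpView.exe",
     "access_mask": 0x1001},
    {"type": "file_read", "image": "updater.exe",
     "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Extensions\abc"},
]

if __name__ == "__main__":
    for line in triage_all(SAMPLE_EVENTS):
        print(line)
```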