
Microsoft warns crypto users about new remote access Trojan targeting crypto wallets

2025-03-18 06:15

Odaily News: Tech giant Microsoft has discovered a new remote access Trojan (RAT) that specifically targets 20 cryptocurrency wallet extensions in the Google Chrome browser to steal crypto assets. Microsoft first detected the malware, called StilachiRAT, in November last year. The software is capable of stealing credentials stored in the browser, digital wallet information, and clipboard data. Once deployed, StilachiRAT lets attackers scan the configuration information of 20 cryptocurrency wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, to steal crypto wallet data.
"Study of the WWStartupCtrl64.dll module of StilachiRAT, which contains RAT functionality, shows that it uses a variety of means to steal information from the target system," Microsoft's analysis noted. Among other capabilities, the malware can extract credentials saved in Google Chrome's local state files and monitor clipboard activity for sensitive information such as passwords and encryption keys. It also has detection evasion and anti-forensic capabilities, such as clearing event logs and checking if it is running in a sandbox to thwart analysis attempts.
At present, Microsoft has not been able to identify the culprit behind the malware, but hopes to reduce the number of potential victims by sharing information publicly. Microsoft recommends that users take measures to avoid becoming victims of malware, including installing antivirus software and cloud-based anti-phishing and anti-malware components on their devices. (Cointelegraph)