
StilachiRAT: A Sophisticated Password-Stealing Trojan

Microsoft’s Incident Response team has identified a new remote access trojan (RAT) known as StilachiRAT, which poses a significant threat to computer users by stealing a wide range of sensitive information. This malware is particularly alarming due to its ability to automatically reinstall itself if removed, ensuring persistence on infected systems.

Key Features of StilachiRAT

  • Self-Reinstatement Capability: StilachiRAT uses watchdog threads to reinstall itself if its binaries are removed, making it difficult to eradicate.
  • Data Theft: The malware steals passwords, cryptocurrency wallet information, operating system details, device identifiers, and even camera presence data.
  • Cryptocurrency Wallet Targets: It targets multiple cryptocurrency wallets, including Coinbase Wallet, Phantom, Trust Wallet, MetaMask, OKX Wallet, Bitget Wallet, and up to 20 others.
  • Reconnaissance Abilities: StilachiRAT gathers extensive system information, including credentials stored in browsers, clipboard data, hardware identifiers, active Remote Desktop Protocol (RDP) sessions, and running GUI applications.
  • Persistence Mechanisms: It uses the Windows service control manager to maintain persistence and reinstalls itself automatically.
  • Evasion Techniques: The malware evades detection by clearing event logs and checking whether it is running in a sandbox, so that analysis attempts are hindered.
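Two of the behaviours listed above, event-log clearing and service-based persistence, leave traces in standard Windows event logs. The hunting script below is an added example written for this article (it is not code from Microsoft's report or from the malware itself) and relies only on built-in event IDs; the seven-day look-back window and the "outside standard paths" heuristic are assumptions, since the article names no service or file path for StilachiRAT.

```powershell
# Added hunting example (not from the original article or Microsoft's report).
# Run in an elevated PowerShell session on the host being examined.
# Assumption: the Security and System logs are enabled; the look-back window is a constructed choice.
$since = (Get-Date).AddDays(-7)

# 1. Event log clearing: Security log Event ID 1102 ("The audit log was cleared").
#    Workstations rarely see this legitimately, so every hit deserves a look.
$cleared = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }

# 2. Service-based persistence: System log Event ID 7045 is written by the
#    Service Control Manager whenever a new service is installed.
$newServices = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The event XML carries the service name, image path and start type as named data fields.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            ServiceName = $data['ServiceName']
            ImagePath   = $data['ImagePath']
            StartType   = $data['StartType']
        }
    }

# Heuristic (assumed, not from the article): flag services whose binary is not under
# the Windows directory or Program Files. Paths written with %SystemRoot% will also
# be flagged and need a manual look rather than automatic dismissal.
$suspicious = $newServices | Where-Object {
    $_.ImagePath -and ($_.ImagePath -notmatch '^"?[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\')
}

"Audit-log clears since ${since}: $(@($cleared).Count)"
$cleared | Format-Table -AutoSize
"New services since ${since}: $(@($newServices).Count); outside standard paths: $(@($suspicious).Count)"
$suspicious | Format-Table -AutoSize
```

Any 1102 event or unexplained new service should be cross-checked against change records before the host is treated as clean; the script surfaces candidates, it does not confirm an infection.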

Impact and Distribution

StilachiRAT was first discovered in November 2024 but has not yet reached widespread distribution. Microsoft has not linked it to any specific threat actor or geographical location.

How to Stay Safe

  1. Download Software from Official Sources: Only download software from legitimate websites to avoid infection.
  2. Use Security Software: Install and regularly update antivirus software to block malicious domains and email attachments.
  3. Be Cautious of Phishing Attacks: Recognize common phishing signs such as misspelled domain names, suspicious email attachments, or urgent messages.
  4. Use a VPN and Password Manager: Protect privacy with a VPN and secure passwords with a password manager.
