BlockNews
Crypto Hack Alert: Microsoft Warns of StilachiRAT Malware Targeting Crypto Wallets

by Sham
March 18, 2025
in Crypto, Finance, Technology
  • StilachiRAT is a stealthy malware that steals credentials, crypto wallets, and system data while evading detection.
  • It can execute remote commands, wipe event logs, and even shut down infected systems.
  • Palo Alto Networks uncovered additional threats, including an IIS backdoor, a bootkit, and a post-exploitation framework.

Microsoft is sounding the alarm on a newly uncovered remote access trojan (RAT) dubbed StilachiRAT—an elusive piece of malware built to dodge detection, dig in deep, and siphon sensitive data straight from infected systems.

🚨 ALERT: Microsoft has identified a remote access trojan (RAT) named 'StilachiRAT' which is capable of stealing crypto wallet data pic.twitter.com/doHCSxhhgm

— BlockNews (@blocknewsdotcom) March 18, 2025

What is StilachiRAT?

According to the Microsoft Incident Response team, StilachiRAT is designed to steal everything from browser-stored credentials to digital wallet info, clipboard data, and detailed system information. The malware, first spotted in November 2024, operates via a DLL module called “WWStartupCtrl64.dll.”

So far, no specific hacker group or nation has been linked to its development. Microsoft hasn’t confirmed how it spreads, but common delivery methods for such trojans include phishing emails, malicious downloads, or exploited vulnerabilities. The bottom line? Organizations need to stay ahead of the game with strong security protocols.

How Does StilachiRAT Work?

This RAT goes all-in on system reconnaissance. It collects OS details, BIOS serial numbers, camera presence, active Remote Desktop Protocol (RDP) sessions, and even running GUI applications. Using Component Object Model (COM) and WMI Query Language (WQL), it methodically pulls system data without raising red flags.

One of its more alarming features is its focus on cryptocurrency wallets. StilachiRAT scans for wallet extensions in Google Chrome, specifically targeting major players like MetaMask, Trust Wallet, Coinbase Wallet, Phantom, TronLink, and several others. Once inside, it doesn’t just steal credentials—it also lifts clipboard content, watches RDP sessions, and beams the stolen data back to its remote command-and-control (C2) server.

A Multi-Purpose Espionage Tool

The malware’s C2 connection isn’t just for data theft; it allows remote operators to execute commands in real-time. Microsoft has identified at least 10 different functions StilachiRAT can perform:

  • Display an HTML-rendered dialog box from a supplied URL (Command 07)
  • Wipe event logs to erase forensic traces (Command 08)
  • Shut down the system using an undocumented Windows API (Command 09)
  • Establish outbound or inbound network connections (Commands 13 & 14)
  • Terminate active network connections (Command 15)
  • Launch applications remotely (Command 16)
  • Scan open windows for specific title bar text (Command 19)
  • Put the system into sleep or hibernation mode (Command 26)
  • Steal Chrome passwords outright (Command 30)

To evade detection, StilachiRAT employs anti-forensic techniques, including event log clearing and sandbox evasion—constantly checking for analysis tools before fully activating.
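Two of the behaviours described above leave traces a defender can look for in collected Windows telemetry: clearing of event logs (Command 08) and the load of the "WWStartupCtrl64.dll" module. The following is an added example (not code from the article or from Microsoft's report) that runs a simple detection pass over constructed event records; the Windows log-cleared Event IDs 1102 (Security) and 104 (System) are real, while the Sysmon Event ID 7 record shape and the sample hosts, users and paths are assumptions.

```python
# Added example (not from the article or Microsoft's report): flag two
# behaviours the article attributes to StilachiRAT in collected event records:
# event log clearing (Command 08) and loading of "WWStartupCtrl64.dll".
# Event IDs 1102 (Security cleared) and 104 (System cleared) are standard
# Windows IDs; the Sysmon Event ID 7 record shape is an assumed collector format.
from dataclasses import dataclass
from typing import Iterable

# (channel, event_id) pairs Windows emits when an event log is cleared.
LOG_CLEARED_IDS = {("Security", 1102), ("System", 104)}
# Module name the article reports for StilachiRAT, matched case-insensitively.
SUSPECT_MODULES = {"wwstartupctrl64.dll"}


@dataclass
class Alert:
    host: str
    rule: str
    detail: str


def detect(events: Iterable[dict]) -> list[Alert]:
    """Return one Alert per matching event; unrelated records are ignored."""
    alerts = []
    for ev in events:
        key = (ev.get("channel"), ev.get("event_id"))
        if key in LOG_CLEARED_IDS:
            alerts.append(Alert(ev["host"], "event_log_cleared",
                                f"{ev['channel']} cleared by {ev.get('user', '?')}"))
        # Sysmon image-load record (Event ID 7): compare only the file name.
        elif key == ("Microsoft-Windows-Sysmon/Operational", 7):
            image = ev.get("image_loaded", "")
            if image.rsplit("\\", 1)[-1].lower() in SUSPECT_MODULES:
                alerts.append(Alert(ev["host"], "suspect_module_loaded", image))
    return alerts


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "channel": "Security", "event_id": 4624, "user": "alice"},
    {"host": "ws01", "channel": "Microsoft-Windows-Sysmon/Operational", "event_id": 7,
     "image_loaded": r"C:\Users\alice\AppData\Local\Temp\WWStartupCtrl64.dll"},
    {"host": "ws01", "channel": "Security", "event_id": 1102, "user": "alice"},
    {"host": "ws02", "channel": "System", "event_id": 104, "user": "SYSTEM"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a.host}: {a.rule} ({a.detail})")
```

Because log clearing destroys the local record, this only works if events are forwarded to a collector before the host is wiped; the rule is therefore most useful as a centralised alert rather than a host-local check.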

The Bigger Cybersecurity Picture

This disclosure comes as Palo Alto Networks’ Unit 42 reports three more unusual malware strains circulating in the wild:

  • An IIS backdoor that parses incoming HTTP requests and executes embedded commands.
  • A bootkit that installs a GRUB 2 bootloader through an unsecured kernel driver (potentially a prank, as it plays Dixie through the PC speaker upon reboot).
  • A Windows implant of ProjectGeass, a sophisticated post-exploitation framework.

These discoveries highlight the increasing sophistication of cyber threats. As attackers refine their techniques, organizations must stay proactive—because once malware like StilachiRAT burrows in, it doesn’t let go easily.

Tags: Microsoft, remote access trojan, StilachiRAT
© 2022-2025 BlockNews.com - Crypto and NFT news website by Aiur Labs.