It certainly seems impossible to keep up with all of the cyber threats floating around on the web lately. With AI creating new hacking opportunities and attackers themselves becoming increasingly sophisticated, it is becoming difficult for companies to know where to put in the extra effort to secure their data.
Recently, Microsoft sounded the alarm over StilachiRAT, a newly discovered remote access trojan (RAT) designed to steal sensitive data from compromised systems.
The tech giant’s incident response team first identified the malware in November 2024 and has now issued a public warning, urging businesses to take the necessary proactive security measures to protect themselves.
While StilachiRAT does not appear to be widespread at this moment, its sophisticated evasion techniques and persistence mechanisms make it a real problem, especially for companies handling sensitive financial, corporate and personal data, and for those dealing with cryptocurrency.
How StilachiRAT Works
StilachiRAT works as a stealthy backdoor that gives cybercriminals remote access to infected systems.
Once deployed, the malware gathers detailed system information and then carries out an extensive search for stored credentials, particularly those linked to cryptocurrency wallet extensions on Google Chrome.
These are some of the actions it is known to perform on an infected system:
- Extract usernames and passwords that are stored in Chrome.
- Continuously scan for copied credentials, including cryptocurrency keys.
- Monitor Remote Desktop Protocol (RDP) sessions, which potentially allows attackers to move laterally across a network.
- Execute various commands, such as rebooting the system, clearing the logs, and modifying registry entries.
- Use the Windows service control manager and watchdog threads to prevent its own removal.
Microsoft has not yet linked StilachiRAT to any known hacking groups or nations, but its complexity suggests that it is a part of a well-funded operation, one with a high level of technical expertise.
Advanced Evasion and Anti-Forensic Techniques
What sets StilachiRAT apart from other malware threats, and what makes it a rather scary trojan, is its ability to evade detection.
Microsoft’s analysis found that the malware actively clears event logs, making it harder for security teams to trace its activity. It also continuously checks for analysis tools and sandbox environments, which has essentially stopped researchers from fully examining its behaviour.
StilachiRAT also obfuscates its Windows API calls and encodes many of its internal strings, which greatly complicates any attempt at manual analysis.
These measures all ensure that the malware stays hidden for as long as possible, which, as you can imagine, gives it more time to be a problem.
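Because the trojan clears event logs and registers itself as a Windows service, the act of clearing a log and the act of installing a new service are themselves events a defender can hunt for. The PowerShell script below is an added example written for this article; it is not code from the original post or from Microsoft’s analysis. It assumes it runs in an elevated PowerShell session on the host being checked, and the lookback window and report path are assumed defaults, not values taken from the post.

```powershell
# Added example (not from the original post or from Microsoft's analysis):
# hunts for the log-clearing and service-installation behaviour described above.
# Assumes an elevated PowerShell session on the host being checked; the lookback
# window and report path below are assumptions, not values from the post.
param(
    [int]$LookbackHours = 24,
    [string]$ReportPath = "$env:TEMP\log-clear-hunt.csv"   # assumed output location
)

$since = (Get-Date).AddHours(-$LookbackHours)

# Standard Windows event IDs relevant to the behaviour described:
#   Security 1102 - the audit log was cleared
#   System   104  - the System log file was cleared
#   System   7045 - a new service was installed
$filters = @(
    @{ LogName = 'Security'; Id = 1102; StartTime = $since },
    @{ LogName = 'System';   Id = 104;  StartTime = $since },
    @{ LogName = 'System';   Id = 7045; StartTime = $since }
)

$findings = foreach ($f in $filters) {
    # Get-WinEvent throws when no events match, so suppress that and move on
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Log         = $_.LogName
            Id          = $_.Id
            Summary     = ($_.Message -split "`r?`n")[0]   # first line of the message text
        }
    }
}

if ($findings) {
    $findings | Sort-Object TimeCreated | Format-Table -AutoSize
    $findings | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Host "Findings written to $ReportPath"
} else {
    Write-Host "No log-clearing or service-installation events in the last $LookbackHours hours."
}
```

A cleared log is not proof of compromise on its own (administrators do clear logs), but an unexplained 1102 or 104 event, particularly one close in time to a 7045 service installation, is exactly the pattern this trojan's behaviour would leave behind. Forwarding these events to a central collector before they can be cleared locally is what makes the check reliable.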
How StilachiRAT Spreads
Microsoft has not detailed exactly how the trojan spreads, but if we look at similar threats, we can surmise that it is delivered through trojanised software, phishing emails and compromised websites, all of which can be avoided if your staff are well trained in online security protocols.
*
Online threats are growing, but your business doesn’t have to be vulnerable. When you work with an expert IT company, like 24/7 IT Services, you can rest easy knowing that you and your company data are well protected. For advanced IT Security Solutions, Managed IT Support and more, contact us today.