Malware Archives - 247 IT Services
https://247it.services/tag/malware/

Microsoft Warns of New StilachiRAT Malware Targeting Sensitive Data
https://247it.services/microsoft-warns-of-new-stilachirat-malware-targeting-sensitive-data/
Tue, 01 Apr 2025 08:11:32 +0000

It certainly seems impossible to keep up with all of the cyber threats that are floating around on the web lately. With AI creating new hacking opportunities and hackers themselves becoming increasingly sophisticated, it is becoming difficult for companies to know where to put in the extra effort to secure their data.

Recently, Microsoft sounded the alarm over StilachiRAT, a newly discovered remote access trojan (RAT) designed to steal sensitive data from compromised systems.

The tech giant’s incident response team first identified the malware in November 2024 and has now issued a public warning, urging businesses to take the necessary proactive security measures to protect themselves.

While StilachiRAT does not appear to be widespread at this moment, its sophisticated evasion techniques and persistence mechanisms make it a real problem, especially for companies handling sensitive financial, corporate, and personal data, and those dealing with cryptocurrency.

How StilachiRAT Works

StilachiRAT works as a stealthy backdoor that gives cybercriminals remote access to infected systems.

Once deployed, the malware gathers detailed system information and then carries out an extensive search for stored credentials, particularly those linked to cryptocurrency wallet extensions on Google Chrome.

The malware is known to:

  • Extract usernames and passwords that are stored in Chrome.
  • Continuously scan the clipboard for copied credentials, including cryptocurrency keys.
  • Monitor Remote Desktop Protocol (RDP) sessions, which potentially allows attackers to move laterally across a network.
  • Execute various commands, such as rebooting the system, clearing the logs, and modifying registry entries.
  • Use the Windows service control manager and watchdog threads to keep itself from being removed.

Microsoft has not yet linked StilachiRAT to any known hacking groups or nations, but its complexity suggests that it is a part of a well-funded operation, one with a high level of technical expertise.

Advanced Evasion and Anti-Forensic Techniques

What sets StilachiRAT apart from other malware threats, and what makes it a rather scary trojan, is its ability to avoid detection.

Microsoft’s analysis found that the malware actively clears event logs, making it harder for security teams to trace its activity. It also continuously checks for analysis tools and sandbox environments, which has essentially stopped researchers from fully examining its behaviour.

StilachiRAT also scrambles Windows API calls and encodes many of its internal strings, which greatly complicates any attempts at manual analysis.

These measures all ensure that the malware stays hidden for as long as possible, which, as you can imagine, gives it more time to be a problem.

How StilachiRAT Spreads

Microsoft has not spoken about the exact way the trojan spreads, but if we look at similar threats, we can surmise that it is delivered through trojanised software, phishing emails and compromised websites, all of which can be avoided if your staff are well-trained in online security protocols.

*

Online threats are growing, but your business doesn’t have to be vulnerable. When you work with an expert IT company, like 24/7 IT Services, you can rest easy knowing that you and your company data are well protected. For advanced IT Security Solutions, Managed IT Support and more, contact us today.

The post Microsoft Warns of New StilachiRAT Malware Targeting Sensitive Data appeared first on 247 IT Services.

A New High-Risk Snake Keylogger is Attacking Windows Users
https://247it.services/a-new-high-risk-snake-keylogger-is-attacking-windows-users/
Tue, 25 Feb 2025 08:04:13 +0000

Cybersecurity researchers at Fortinet are sounding the alarm over a sudden rise in Snake keylogger malware attacks, which are currently posing a massive risk to businesses and individuals using Microsoft Windows.

According to Fortinet, a leading cybersecurity company in the United States, the latest version of the Snake keylogger (also known as 404 Keylogger) has been responsible for over 280 million attack attempts since the beginning of 2025!

This malware has been detected executing up to 14 million infection attempts per day, making it one of the worst cyber threats of the year, so far.

How the Snake Keylogger Works

The Snake keylogger is designed to quietly monitor and record keystrokes made by users on infected devices, allowing the cybercriminals to easily gather sensitive information such as passwords, financial details, and personal data.

Once collected, the stolen information is sent back to the attackers through various channels, such as SMTP email servers, Telegram bots, and HTTP POST requests.

This malware is particularly dangerous because it goes well beyond simple keystroke logging.

It can access browser autofill data and then steal personally identifiable information, and even geolocation details.

Cybersecurity experts have warned that both individuals and businesses are at high risk of being exploited, with the potential consequences ranging from unauthorised financial transactions to identity theft and corporate data breaches.

Designed to Evade Detection

The Snake keylogger is built using AutoIt, a Windows-based automation scripting language, which is especially effective when used to infect Windows.

Once installed, it neatly embeds itself into the system’s Startup folder, allowing it to begin its data theft every time the device is started. Unlike many other malware strains, it does not require administrative privileges to run, making it even more insidious and effective for the attacker.

Security experts have specifically highlighted that the latest version of the Snake keylogger uses advanced obfuscation techniques (techniques designed to hide the attack), disguising its malicious code within legitimate system processes.

This makes it that much harder for antivirus software to detect and remove the malware before it causes damage.

The Growing Threat of Phishing Attacks

Like many other forms of malware, the Snake keylogger primarily spreads through phishing attacks.

Cybercriminals trick unaware users into downloading malicious attachments or clicking on harmful links in emails that appear legitimate.

Phishing scams are becoming more and more difficult to identify, with attackers convincingly impersonating reputable organisations and using persuasive language to convince recipients to interact with their phishing messages.

How UK Businesses Can Protect Themselves

Given the scale and sophistication of this malware, UK business owners using Microsoft products should take immediate action to check and improve their cybersecurity measures. To reduce the risk of infection, experts recommend that you take the following steps:

  • Educate your employees by conducting regular cybersecurity training to help staff recognise phishing attempts and avoid clicking on suspicious links or attachments.
  • Enhance your email security by using advanced email filtering solutions to identify and block phishing emails before they even reach inboxes.
  • Keep software updated: ensure that all operating systems, software, and antivirus applications are regularly updated to patch vulnerabilities that malware could exploit.
  • Use strong authentication, including multi-factor authentication (MFA), to add an extra layer of security to accounts and sensitive systems.
  • Monitor all of your network activity by using detection systems to identify and respond to suspicious activity before it escalates into a security breach.

For those concerned about their cybersecurity setup, consulting with IT security professionals, like 24/7 IT Services, is the best course of action. We provide our clients with expert IT security solutions, managed IT support, and more. Contact us today to book a consultation.

The post A New High-Risk Snake Keylogger is Attacking Windows Users appeared first on 247 IT Services.
