Sophisticated malware is becoming an increasingly potent threat, as evidenced by the remote access trojan (RAT) that was recently discovered by Microsoft.
Dubbed StilachiRAT, the malware is designed to scan the Google Chrome browser for any of 20 crypto wallet extensions, including platforms like Coinbase Wallet, MetaMask, and Trust Wallet.
According to Microsoft, once the RAT detects a crypto wallet, it employs various techniques to siphon information from the system. These include extracting saved browser credentials and monitoring clipboard activity for passwords or crypto keys.
Once this sensitive data falls into the hands of bad actors, they can quickly drain the victim’s crypto wallet.
Bringing Awareness to the Capabilities
Microsoft first discovered evidence of StilachiRAT in November, and the tech firm said that it hasn’t yet been able to identify the cybercriminals behind the malware.
Though the RAT hasn’t yet gained widespread traction, Microsoft felt it was necessary to raise awareness about the malware due to its capabilities, the rapid evolution of the malware ecosystem, and to help reduce the number of potential victims.
One of the functions that makes StilachiRAT more impactful is its built-in evasion and anti-forensics mechanisms. For example, the malware can clear event logs and detect if it is operating in a sandbox environment to stave off detection.
To protect themselves from this threat, Microsoft suggests that crypto holders ensure they have up-to-date antivirus software, anti-phishing tools, and anti-malware defenses on their devices.
Threats Against Crypto Owners
Cryptocurrencies have gained significant attention over the past few years, but their decentralized nature—coupled with an often lacking regulatory framework—has made digital asset owners prime targets for cybercriminals.
These threats are supercharged by technology like Malware-as-a-Service (MaaS) platforms, which lower the technological bar for criminals and even allow them to outsource attacks. According to data from Darktrace, MaaS-based attacks picked up steam in the latter half of last year and now account for 57% of identified fraud activities.
One of the most commonly used malware tools identified in the Darktrace study was remote access trojan software, because of its efficiency and capability.
