StilachiRAT is a malicious tool designed to extract credentials and configuration details, enabling attackers to steal funds from victims’ wallets. It also tracks clipboard activity, looking for cryptocurrency keys or passwords that users might have copied, making it especially dangerous for individuals holding digital assets. Beyond data theft, StilachiRAT allows attackers to execute remote commands, delete logs, and alter system registry settings, ensuring ongoing access to compromised devices. The malware uses anti-forensic techniques to evade detection, such as identifying analysis tools and delaying execution.
A particularly alarming feature of StilachiRAT is its ability to collect detailed information about infected devices, including operating system data, hardware identifiers, and active applications. It also monitors Remote Desktop Protocol (RDP) sessions, enabling attackers to impersonate users and potentially spread across networks.
Although StilachiRAT is not yet widespread, Microsoft has emphasized the importance of taking proactive security measures to defend against this growing threat. The company recommends downloading software only from trusted sources, enabling Microsoft Defender real-time protection, activating cloud-delivered security, and using SmartScreen to block malicious websites.