Microsoft warns of discovering a new type of remote access Trojan targeting cryptocurrency wallets

2025-03-18 06:10

According to Cointelegraph, tech giant Microsoft has discovered a new type of remote access Trojan (RAT) that specifically targets 20 cryptocurrency wallet extensions in the Google Chrome browser in order to steal their crypto assets. The Microsoft Incident Response team revealed in a blog post on March 17th that it first detected this malware, called StilachiRAT, in November last year. The software is capable of stealing credentials stored in the browser, digital wallet information, and clipboard data.

Once deployed, StilachiRAT lets attackers scan the configuration data of 20 cryptocurrency wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, in order to steal cryptocurrency wallet data. Microsoft's analysis points out that "research on the WWStartupctrl64.dll module of StilachiRAT, which includes RAT functionality, shows that it uses various means to steal information from the target system."

Among other functions, the malware can extract credentials stored in Google Chrome's local state file and monitor clipboard activity to capture sensitive information such as passwords and encryption keys. It also has detection-evasion and anti-forensic functions, such as clearing event logs and checking whether it is running in a sandbox, to hinder analysis attempts.

At present, Microsoft is unable to determine who is behind the malware, but hopes to reduce the number of potential victims by sharing the information publicly. Microsoft recommends that users take measures to avoid becoming victims of the malware, including installing antivirus software and cloud-based anti-phishing and anti-malware components on their devices.