Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    CONSPRCY    |    How big is your tinfoil hat?    |    2,445 messages    |
|    Message 811 of 2,445    |
|    Mike Powell to All    |
|    MS warns of new malware    |
|    19 Mar 25 09:09:00    |
TZUTC: -0500
MSGID: 524.consprcy@1:2320/105 2c400ae7
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease

Date:
Tue, 18 Mar 2025 14:38:00 +0000

Description:
StilachiRAT malware hides easily, allows for remote code execution, and steals data.

FULL STORY

A new Remote Access Trojan (RAT) has been spotted using sophisticated techniques to hide and persist while it steals people's sensitive information, experts have warned.

Researchers at Microsoft said the malware is still too young to be attributed to any specific actor, or threat campaign.

"In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) we named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data," Microsoft said.

Crypto in the crosshairs

The company did not explain how the RAT is distributed, but once it's installed on a device, it maintains persistence through the Windows service control manager (SCM). It uses watchdog threats to track the malware's binaries and recreate them if they're removed, essentially reinstalling the malware if necessary.

As for evasion and anti-forensics, it can clear event logs, and look for signs that it's running in a sandbox environment. If you even trick it to run in a sandbox, its Windows API calls are still encoded as checksums that are resolved dynamically at runtime, which makes analysis that much harder.

For features, StilachiRAT doesn't stray much from your usual Remote Access Trojan. It targets credentials stored in the browser, digital wallet information, data stored in the clipboard, and system information (hardware identifiers, camera presence, active Remote Desktop Protocol (RDP) sessions, and running GUI-based applications to profile targeted systems).

StilachiRAT is particularly interested in cryptocurrency wallets. It can scan the configuration info of 20 wallet extensions such as Phantom, MetaMask, Trust Wallet, and many others.

But the tool can do much more than just steal data - it allows for remote command execution, granting the attackers the ability to restart the device, run applications, and more. There are even commands built to "suspend the system, modify Windows registry values, and enumerate open windows."

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-warns-of-a-devious-new-rat-malware-which-can-avoid-detection-with-apparent-ease

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426
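An added example, not part of the original message or of Microsoft's report: a log-triage pass for two behaviours the article describes, a service being installed again through the SCM after removal and event logs being cleared. The sample events, service names and the 15-minute window are constructed assumptions; the event IDs are the standard Windows ones (7045 service installed, 1102 and 104 log cleared).

```python
from datetime import datetime, timedelta

# Constructed sample events, not taken from the article:
# (timestamp, log name, event ID, service name or cleared log)
EVENTS = [
    ("2025-03-18T10:00:05", "System",   7045, "ExampleSvc"),
    ("2025-03-18T10:02:10", "Security", 1102, ""),
    ("2025-03-18T10:40:00", "System",   7045, "ExampleSvc"),
    ("2025-03-18T11:15:00", "System",   7045, "PrinterHelper"),
    ("2025-03-18T13:00:00", "System",   104,  "Application"),
]

SERVICE_INSTALLED = 7045         # Service Control Manager: a service was installed
LOG_CLEARED = {1102, 104}        # Security audit log cleared / an event log cleared
WINDOW = timedelta(minutes=15)   # assumed correlation window


def triage(events, window=WINDOW):
    """Return findings for repeated service installs and for log clears
    that follow a service install within `window`."""
    parsed = sorted((datetime.fromisoformat(t), log, eid, detail)
                    for t, log, eid, detail in events)
    installs = {}                # service name -> list of install times
    for ts, _log, eid, detail in parsed:
        if eid == SERVICE_INSTALLED:
            installs.setdefault(detail, []).append(ts)

    findings = []
    # Heuristic 1: the same service name installed more than once suggests
    # something is recreating it after removal.
    for name, times in installs.items():
        if len(times) > 1:
            findings.append(("reinstalled-service", name, len(times)))
    # Heuristic 2: an event log cleared shortly after a service install.
    for ts, _log, eid, _detail in parsed:
        if eid in LOG_CLEARED:
            near = sorted(name for name, times in installs.items()
                          if any(timedelta(0) <= ts - t <= window for t in times))
            if near:
                findings.append(("log-cleared-after-install", ",".join(near), eid))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Both heuristics also match legitimate administration (software updates reinstall services, admins clear logs), so the findings are leads for review rather than verdicts.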
(c) 1994, bbs@darkrealms.ca