In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) they named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data.
Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information. Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time.
Read more…
Source: Microsoft
Related:
- Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds
May 8, 2025
The relentless battle against online fraud is a constant evolution, a digital chase where security teams and malicious actors continually adapt. The increasing sophistication of attacks is blurring the lines between legitimate user behavior and impersonation attempts. The campaign we are exposing today is a reminder that even the most advanced security technologies do not dissuade ...
- A timeline of South Korean telco giant SKT’s data breach
May 8, 2025
In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have ...
- Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
May 7, 2025
In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, ...
- State of ransomware in 2025
May 7, 2025
With the International Anti-Ransomware Day just around the corner on May 12, Kaspersky explores the ever-changing ransomware threat landscape and its implications for cybersecurity. According to Kaspersky Security Network data, the number of ransomware detections decreased by 18% from 2023 to 2024 – from 5,715,892 to 4,668,229. At the same time, the share of users affected ...
- Cyber Criminal Proxy Services Exploiting End of Life Routers
May 7, 2025
The Federal Bureau of Investigation (FBI) is issuing this announcement to inform individuals and businesses about proxy services taking advantage of end of life routers that are susceptible to vulnerabilities. When a hardware device is end of life, the manufacturer no longer sells the product and is not actively supporting the hardware, which also means ...
- Proof-of-Concept Released for SysAid On-Premise
May 7, 2025
In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit code for four vulnerabilities, which were addressed in SysAid’s March 2025 release. The first two vulnerabilities, ...