Microsoft has issued an urgent security advisory regarding a newly discovered malware strain called StilachiRAT, which specifically targets and exfiltrates data from Remote Desktop Protocol (RDP) sessions.
The sophisticated malware has been observed in targeted attacks against financial institutions, government agencies, and critical infrastructure organizations across multiple regions.
Security experts warn that this new threat possesses advanced capabilities to capture credentials, keystrokes, and even hijack ongoing RDP sessions without detection.
Initial infection typically occurs through phishing emails containing malicious attachments or via compromised websites serving exploit kits.
Once executed on a victim’s system, StilachiRAT establishes persistence by creating a scheduled task that runs at system startup and modifying registry keys to ensure it remains undetected by security solutions.
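To triage the startup scheduled-task persistence described above, the following added example (not Microsoft's detection logic and not part of the original advisory) parses the task XML carried in Windows Security Event ID 4698 ("A scheduled task was created") and flags boot-triggered tasks. The trusted-path list, the interpreter list and all task names and paths are constructed assumptions; the page gives no StilachiRAT-specific indicators, so none are used.

```python
import ntpath
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML carried in Event ID 4698's TaskContent field.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: locations where boot-time task binaries are expected on this fleet.
TRUSTED = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumption: interpreters whose arguments need review even from a trusted path.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def normalize(command):
    """Expand common variables and collapse '..' so prefix checks cannot be dodged."""
    path = command.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        path = path.replace(var, "c:\\windows")
    return ntpath.normpath(path)

def startup_findings(task_name, task_xml):
    """Return (task, path, reason) tuples for boot-triggered tasks worth triage."""
    root = ET.fromstring(task_xml)
    if root.find("t:Triggers/t:BootTrigger", NS) is None:
        return []  # task is not started at system startup
    findings = []
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        path = normalize(cmd.text or "")
        if not path.startswith(TRUSTED):
            findings.append((task_name, path, "untrusted path"))
        elif ntpath.basename(path) in INTERPRETERS:
            findings.append((task_name, path, "interpreter at boot"))
    return findings

def make_task(trigger, command):
    """Build a minimal task definition (constructed sample, not captured data)."""
    return ('<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Triggers><{trigger}/></Triggers>"
            f"<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>")

# Constructed 4698 records: only the TaskName and TaskContent fields are modelled.
SAMPLE_EVENTS = [
    {"TaskName": "\\ExampleUpdater", "TaskContent": make_task("BootTrigger", "C:\\Users\\Public\\svc.exe")},
    {"TaskName": "\\ExampleTraversal", "TaskContent": make_task("BootTrigger", "%SystemRoot%\\System32\\..\\Temp\\a.exe")},
    {"TaskName": "\\ExampleShell", "TaskContent": make_task("BootTrigger", "C:\\Windows\\System32\\cmd.exe")},
    {"TaskName": "\\ExampleLogon", "TaskContent": make_task("LogonTrigger", "C:\\Users\\Public\\x.exe")},
    {"TaskName": "\\ExampleAgent", "TaskContent": make_task("BootTrigger", '"C:\\Program Files\\Example\\agent.exe"')},
]

def hunt(events):
    return [f for e in events for f in startup_findings(e["TaskName"], e["TaskContent"])]
```

The registry changes mentioned above are not covered, because the page names no keys to check.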
Microsoft Security researchers identified…