OnlineSecurity Archives | 247 IT Services
https://247itservices.co.za/tag/onlinesecurity/

Microsoft Warns of New StilachiRAT Malware Targeting Sensitive Data
https://247itservices.co.za/2025/04/01/microsoft-warns-of-new-stilachirat-malware-targeting-sensitive-data/
Tue, 01 Apr 2025 08:12:29 +0000

It certainly seems impossible to keep up with all of the cyber threats circulating on the web lately. With AI creating new hacking opportunities and hackers themselves becoming increasingly sophisticated, it is becoming difficult for companies to know where to put in the extra effort to secure their data.

Recently, Microsoft sounded the alarm over StilachiRAT, a newly discovered remote access trojan (RAT) designed to steal sensitive data from compromised systems.

The tech giant’s incident response team first identified the malware in November 2024 and has now issued a public warning, urging businesses to take the necessary proactive security measures to protect themselves.

While StilachiRAT does not appear to be widespread at the moment, its sophisticated evasion techniques and persistence mechanisms make it a real problem, especially for companies handling sensitive financial, corporate, and personal data, and those dealing with cryptocurrency.

How StilachiRAT Works

StilachiRAT works as a stealthy backdoor that gives cybercriminals remote access to infected systems.

Once deployed, the malware gathers detailed system information and then carries out an extensive search for stored credentials, particularly those linked to cryptocurrency wallet extensions on Google Chrome.

Its known capabilities include the ability to:

  • Extract usernames and passwords that are stored in Chrome.
  • Continuously scan the clipboard for copied credentials, including cryptocurrency keys.
  • Monitor Remote Desktop Protocol (RDP) sessions, which potentially allows attackers to move laterally from one part of a network to another.
  • Execute various commands, such as rebooting the system, clearing the logs, and modifying registry entries.
  • Use the Windows service control manager and watchdog threads to keep itself from being removed.

Microsoft has not yet linked StilachiRAT to any known hacking groups or nations, but its complexity suggests that it is part of a well-funded operation with a high level of technical expertise.

Advanced Evasion and Anti-Forensic Techniques

What sets StilachiRAT apart from other malware threats, and what makes it a rather scary trojan, is its uncanny ability to avoid detection.

Microsoft’s analysis found that the malware actively clears event logs, making it harder for security teams to trace its activity. It also continuously checks for analysis tools and sandbox environments, which has essentially stopped researchers from fully examining its behaviour.

StilachiRAT also obfuscates its Windows API calls and encodes many of its internal strings, which greatly complicates any attempt at manual analysis.

These measures all ensure that the malware stays hidden for as long as possible, which, as you can imagine, gives it more time to be a problem.
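A triage sketch for the two behaviours described above that leave Windows event traces (log clearing and service-based persistence), added here as an example and not taken from Microsoft's analysis or this post. It relies on the standard event IDs 1102 (Security log cleared), 104 (System log cleared) and 7045 (service installed); the hosts, service names and events are constructed, and it is a generic heuristic rather than a StilachiRAT signature.

```python
from datetime import datetime, timedelta

# Standard Windows event IDs, keyed by (channel, id)
LOG_CLEARED = {("Security", 1102), ("System", 104)}
SERVICE_INSTALLED = ("System", 7045)

# Constructed sample events (not from a real incident). Assumes events were
# forwarded to a central collector: a cleared local log has lost its history.
SAMPLE_EVENTS = [
    {"host": "WS-014", "time": "2025-03-18T09:02:11", "channel": "System",
     "id": 7045, "detail": "ExampleSvc"},
    {"host": "WS-014", "time": "2025-03-18T09:05:40", "channel": "Security",
     "id": 1102, "detail": "audit log cleared"},
    {"host": "WS-014", "time": "2025-03-18T09:05:41", "channel": "System",
     "id": 104, "detail": "System log cleared"},
    {"host": "WS-022", "time": "2025-03-18T10:00:00", "channel": "System",
     "id": 7045, "detail": "PrinterHelper"},
    {"host": "WS-031", "time": "2025-03-18T11:30:00", "channel": "Security",
     "id": 1102, "detail": "audit log cleared"},
]

def triage(events, window=timedelta(minutes=30)):
    """Alert on every log clear; escalate to 'high' when the same host
    installed a service within `window` before the clear."""
    installs = {}  # host -> [(install time, service name)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["channel"], ev["id"])
        if key == SERVICE_INSTALLED:
            installs.setdefault(ev["host"], []).append((ts, ev["detail"]))
        elif key in LOG_CLEARED:
            recent = [name for t, name in installs.get(ev["host"], [])
                      if ts - t <= window]
            alerts.append({
                "host": ev["host"], "time": ev["time"],
                "channel": ev["channel"],
                "severity": "high" if recent else "medium",
                "recent_services": recent,
            })
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

A log clear on its own still deserves a look, which is why it is raised at medium severity rather than dropped; the service install only raises its priority.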

How StilachiRAT Spreads

Microsoft has not spoken about the exact way the trojan spreads, but if we look at similar threats, we can surmise that it is delivered through trojanised software, phishing emails and compromised websites, all of which can be avoided if your staff are well-trained in online security protocols.

*

Online threats are growing, but your business doesn’t have to be vulnerable. When you work with an expert IT company, like 24/7 IT Services, you can rest easy knowing that you and your company data are well protected. For advanced IT Security Solutions, Managed IT Support and more, contact us today.

Microsoft’s Quiet Login Update Could Impact Your Business Security
https://247itservices.co.za/2025/01/27/microsofts-quiet-login-update-could-impact-your-business-security/
Mon, 27 Jan 2025 08:55:48 +0000

Microsoft is Ending Automatic Sign-Outs

Microsoft is quietly implementing a major change to how users sign into their accounts, and for business owners relying on Microsoft’s suite of products, this is news worth paying attention to.

Some in the tech news world were surprised that the announcement was discreetly tucked away in the Microsoft Account Help page. But while news of this update has largely flown under the radar, its implications are significant.

Starting in February 2025, Microsoft accounts that are accessed via web browsers or apps will no longer log users out automatically when the browser or app is closed.

Unless the user manually signs out, anyone using the same device afterwards could potentially access private emails, cloud files on OneDrive, or even the browsing activity tied to the account.

A Security Shift That is Raising Serious Questions

For many users, automatic sign-outs have long been a safety net relied upon when accessing accounts on public or shared devices.

This default security feature, used by countless other platforms as well, ensures that sensitive information isn’t left exposed.

Removing this automatic logout raises an important question: why has Microsoft made this change?

One theory is convenience.

While Microsoft has dedicated apps for its services, a significant number of users still access their accounts through browsers, whether it’s Outlook for emails or OneDrive for file storage. For users accessing accounts on personal devices, removing the need to sign in repeatedly makes sense as it saves time.

However, this small convenience comes at a potentially great cost.

If users forget to manually log out or neglect to use private browsing mode (which will remain an alternative for those concerned about security), their accounts could be left vulnerable to unauthorised access.

This should be particularly concerning for businesses handling sensitive client data or financial information, where even a small lapse in security could have serious repercussions.

Microsoft’s move also mirrors the way Google accounts currently operate, where users remain signed in indefinitely unless they actively log out or enable private browsing. While this has become an accepted norm for many, it has also attracted criticism for introducing unnecessary risks, especially for users who don’t have two-factor authentication enabled.

Implications for Businesses

For businesses that depend on Microsoft’s suite of apps, this change highlights the importance of implementing and maintaining strong cybersecurity practices. Without the safety net of automatic sign-outs, it is more important than ever for organisations to encourage employees to adopt safer habits, such as:

  • Manually logging out after using shared or public devices.
  • Enabling two-factor authentication (2FA) to add an extra layer of security to their accounts.
  • Using private browsing mode, particularly when accessing accounts on devices not owned by the organisation.

A Worrying Lack of Transparency

What is perhaps most concerning about this shift is Microsoft’s relatively quiet rollout of the update.

Unlike other major policy changes, which are often accompanied by prominent announcements or user notifications, this decision has been buried in the company’s support pages. For a change with such significant security implications, a clearer and more publicised communication strategy would have certainly been the better approach.

Since the update is set to take effect in February 2025, businesses have little time to prepare.

And while Microsoft could still introduce warning messages or pop-ups to remind users that they will remain logged in unless they take specific actions, it is best to be proactive about the change and start logging out of accounts accessed through browsers now.

*

Need help with your business IT Security? Or maybe you need Managed IT Support or a reliable VoIP provider? At 24/7 IT Services, we help companies like yours. Contact us today for more information.
