Microsoft Warns of New Remote Access Trojan Targeting Crypto Wallet Extensions on Chrome

18/03/2025

Microsoft's cybersecurity team recently discovered a new remote access trojan (RAT) called StilachiRAT, specifically targeting cryptocurrency wallet extensions on the Google Chrome browser. This malware poses significant risks to individuals and institutions involved in the crypto space.

What is StilachiRAT?

First identified by Microsoft's Incident Response Team in November last year, StilachiRAT employs advanced techniques designed to evade detection by standard cybersecurity measures. Once deployed, the malware can extract sensitive user data, including:

  • Crypto wallet credentials (MetaMask, OKX Wallet, Coinbase Wallet, Trust Wallet)

  • Passwords and crypto keys stored within the Chrome browser

  • Data from clipboard activities

How Does StilachiRAT Work?

The malware targets users by scanning device settings to detect specific crypto wallet extensions. After identifying the targeted extensions, it uses sophisticated methods to steal sensitive data that the Chrome browser stores locally, including crypto keys and passwords. It also collects sensitive system information, such as:

  • Operating system details

  • BIOS serial numbers

  • Active Remote Desktop Protocol (RDP) sessions

  • Information regarding camera presence and running applications

StilachiRAT also possesses advanced anti-forensics capabilities, including clearing event logs and detecting sandbox environments to evade cybersecurity analysis.
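Clearing event logs leaves its own trace: Windows writes Security event 1102 or System event 104 when a log is wiped. The following added example (not from Microsoft's report or the original article) sweeps an XML event export for those records; the sample events, host name and account name are constructed.

```python
import xml.etree.ElementTree as ET

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
SYS = EVT + "System/" + EVT  # path prefix for children of <System>
# Windows records a log wipe as Security/1102 or System/104.
LOG_CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample shaped like an XML event export; host and account are made up.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>1102</EventID>
<TimeCreated SystemTime="2025-03-18T09:14:02Z"/><Channel>Security</Channel><Computer>WS-EXAMPLE-01</Computer></System>
<UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>svc-example</SubjectUserName><SubjectDomainName>EXAMPLE</SubjectDomainName>
</LogFileCleared></UserData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>104</EventID>
<TimeCreated SystemTime="2025-03-18T09:14:03Z"/><Channel>System</Channel><Computer>WS-EXAMPLE-01</Computer></System>
<UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<SubjectUserName>svc-example</SubjectUserName><SubjectDomainName>EXAMPLE</SubjectDomainName>
<Channel>Application</Channel></LogFileCleared></UserData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>7036</EventID>
<Channel>System</Channel><Computer>WS-EXAMPLE-01</Computer></System></Event>
</Events>"""

def find_log_clears(xml_text):
    """Return one record per log-clear event in an exported event document."""
    hits = []
    for event in ET.fromstring(xml_text).iter(EVT + "Event"):
        channel = event.findtext(SYS + "Channel", "")
        try:
            event_id = int(event.findtext(SYS + "EventID", ""))
        except ValueError:
            continue  # malformed record: skip it and keep sweeping
        if (channel, event_id) not in LOG_CLEAR_EVENTS:
            continue
        # UserData uses its own namespace, so index its fields by local tag name.
        user_data = event.find(EVT + "UserData")
        nodes = user_data.iter() if user_data is not None else []
        fields = {n.tag.rsplit("}", 1)[-1]: (n.text or "").strip() for n in nodes}
        created = event.find(SYS + "TimeCreated")
        hits.append({
            "time": created.get("SystemTime", "") if created is not None else "",
            "host": event.findtext(SYS + "Computer", ""),
            "event_id": event_id,
            # 104 names the wiped channel in UserData; 1102 is always Security.
            "cleared_log": fields.get("Channel") or channel,
            "account": fields.get("SubjectDomainName", "") + "\\" + fields.get("SubjectUserName", ""),
        })
    return hits
```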

Microsoft's Recommendations for Protection

To combat the threats posed by StilachiRAT, Microsoft advises individuals and businesses to:

  • Install and regularly update reputable antivirus software.

  • Use cloud-based anti-phishing and anti-malware tools.

  • Remain cautious about software downloads, as initial infection methods remain unclear.

Growing Threat Landscape in Crypto

The rise in crypto-related cybercrimes is concerning. Blockchain security firm CertiK reported losses of over $1.53 billion from crypto scams and hacks in February alone. Chainalysis, a blockchain analytics firm, also highlighted increased illicit on-chain activities and noted the growing sophistication and professionalization among cybercriminals.

In 2026, Chainalysis anticipates an increase in illicit activity as the crypto ecosystem continues to expand, potentially leading to further significant financial losses.

As cryptocurrency adoption expands, the need for robust cybersecurity practices becomes critical. Users must stay vigilant and proactively adopt measures to protect their digital assets from increasingly sophisticated cyber threats like StilachiRAT.