Microsoft Uncovers StilachiRAT, Targeting 20 Chrome Wallet Extensions

Coin World, Tuesday, Mar 18, 2025 5:28 am ET

Microsoft has uncovered a new and dangerous remote access trojan (RAT) known as StilachiRAT, which poses a significant threat to cryptocurrency holders. This malware, identified by Microsoft’s Incident Response Team in November, targets cryptocurrency holdings stored in 20 different wallet extensions on the Google Chrome browser. The discovery underscores the growing sophistication of cyber threats aimed at digital assets.

StilachiRAT is designed to steal sensitive data, including browser-stored credentials, digital wallet details, and information copied to the clipboard. Once deployed, the malware scans the system for configuration data from popular crypto wallet extensions such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet. Microsoft’s analysis of the malware’s WWStartupCtrl64.dll module revealed that StilachiRAT can extract credentials saved in Chrome’s local state file and monitor clipboard activity, posing a significant risk to users who copy and paste crypto keys or passwords.

One of the most concerning aspects of StilachiRAT is its ability to evade detection. The malware can clear event logs and check if it’s running in a sandbox environment, making it difficult for analysts and antivirus solutions to detect and mitigate the threat before it causes damage. This stealthy nature highlights the need for enhanced cybersecurity measures to protect against such advanced threats.
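As an added example (not code from the article or from Microsoft's report), the following Python checker flags two of the behaviours described in the last two paragraphs in constructed Windows/Sysmon-style log records: a load of the WWStartupCtrl64.dll module named in the analysis, and clearing of the Windows event log (Security event ID 1102, System event ID 104). The pipe-delimited log format and the sample lines are constructed for this illustration.

```python
from dataclasses import dataclass

# Module name taken from the article; the log format below is constructed for this example.
SUSPICIOUS_MODULES = {"wwstartupctrl64.dll"}
# Windows event IDs for "audit log cleared" (Security 1102) and "log file cleared" (System 104).
LOG_CLEAR_EVENTS = {("security", 1102), ("system", 104)}

# Constructed sample records in the form: channel|event_id|key=value;key=value
SAMPLE_LOGS = """\
Microsoft-Windows-Sysmon/Operational|7|Image=C:\\Windows\\System32\\svchost.exe;ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\WWStartupCtrl64.dll
Microsoft-Windows-Sysmon/Operational|7|Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe;ImageLoaded=C:\\Windows\\System32\\kernel32.dll
Security|1102|SubjectUserName=alice
System|104|Channel=Application
Security|4624|LogonType=2;TargetUserName=alice
"""

@dataclass
class Finding:
    line_no: int
    reason: str

def parse_record(line):
    """Split 'channel|event_id|k=v;k=v' into (channel, event_id, fields dict)."""
    channel, event_id, rest = line.split("|", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split(";") if "=" in kv)
    return channel, int(event_id), fields

def analyze(log_text):
    """Return a Finding for each record matching a behaviour described in the article."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        channel, event_id, fields = parse_record(line)
        # Sysmon event 7 records an image (DLL) load; compare only the file name, case-insensitively.
        if channel.endswith("Sysmon/Operational") and event_id == 7:
            loaded = fields.get("ImageLoaded", "")
            name = loaded.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name in SUSPICIOUS_MODULES:
                findings.append(Finding(n, f"module load: {loaded} by {fields.get('Image')}"))
        # Event log clearing is the evasion step the article describes.
        if (channel.lower(), event_id) in LOG_CLEAR_EVENTS:
            findings.append(Finding(n, f"event log cleared (channel {channel}, id {event_id})"))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"line {f.line_no}: {f.reason}")
```

A real deployment would read these fields from Sysmon and the Security/System channels rather than from the constructed strings above.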

While the identity of the group or individual behind the StilachiRAT attack remains unknown, Microsoft’s disclosure of this information is aimed at reducing the number of potential victims. The company assures users that, based on its data, the malware has not yet begun to spread on a mass scale. However, given the ever-changing nature of the threat landscape and the stealthy capabilities of the trojan, users are advised to exercise caution.

The discovery of StilachiRAT comes at a time when crypto-related cybercrime is on the rise. The increasing sophistication of these attacks, driven by AI and highly efficient cyber syndicates, has led to significant financial losses. The evolving environment of cyber attacks on crypto wallets indicates that attackers are becoming smarter and more advanced, necessitating proactive measures from users and enhanced vigilance from cybersecurity experts.

To protect against malicious attacks like StilachiRAT, Microsoft recommends that users keep their antivirus programs and cloud-based protection up to date to block phishing and malware on all devices. Additionally, users should ensure that their Chrome extensions are updated, avoid downloading suspicious files, and be vigilant with clipboard activity to prevent the loss of cryptocurrency. In a landscape where billions of dollars are being lost to cryptocurrency offenses, any precaution can prove to be valuable.