Microsoft has uncovered a remote access trojan (RAT), dubbed StilachiRAT by its team, that can infiltrate 20 different cryptocurrency wallet extensions on the Google Chrome browser.
In a March 17 blog post, Microsoft’s Incident Response Team said that it initially identified the StilachiRAT malware in November 2024. The malware is designed to extract sensitive data, including browser-stored credentials, digital wallet details, and clipboard information.
Once deployed, StilachiRAT enables attackers to scan a device’s settings for installed cryptocurrency wallet extensions. The malware targets 20 different wallets, including Bitget Wallet, OKX Wallet, TronLink, and MetaMask, allowing bad actors to extract sensitive financial data.
Microsoft reported that StilachiRAT is equipped with advanced evasion techniques, including the ability to erase event logs and detect sandbox environments. These features help the malware avoid detection and hinder forensic analysis, making it more difficult for security researchers to track its activity.
Beyond those evasion features, the malware can steal credentials stored in Google Chrome’s local state file and monitor clipboard activity to capture sensitive data such as passwords and crypto keys.
Microsoft has yet to link StilachiRAT to a known threat group or region. The company stated that, based on its current analysis, the malware is not widely distributed at this stage.
“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” Microsoft wrote.
Microsoft cautions that StilachiRAT and similar malware can infiltrate devices through multiple attack methods, often disguising themselves as legitimate software or official updates to deceive users.
To reduce the risk of malware infections, Microsoft advises users to download software only from official developer websites or trusted sources, emphasizing the importance of cybersecurity best practices.
