Microsoft Warns of StilachiRAT Malware Targeting Crypto Wallets

March 18, 2025

Microsoft has uncovered a remote access trojan (RAT), dubbed StilachiRAT by its team, that can infiltrate 20 different cryptocurrency wallet extensions on the Google Chrome browser.

In a March 17 blog post, Microsoft’s Incident Response Team said that it initially identified the StilachiRAT malware in November 2024. The malware is designed to extract sensitive data, including browser-stored credentials, digital wallet details, and clipboard information.

This content is from The Shib Daily. Any reproduction must credit The Shib Daily at https://news.shib.io as the original publisher.

Once deployed, StilachiRAT enables attackers to scan a device’s settings for installed cryptocurrency wallet extensions. The malware targets 20 different wallets, including Bitget Wallet, OKX Wallet, TronLink, and MetaMask, allowing bad actors to extract sensitive financial data.

Microsoft reported that StilachiRAT is equipped with advanced evasion techniques, including the ability to erase event logs and detect sandbox environments. These features help the malware avoid detection and hinder forensic analysis, making it more difficult for security researchers to track its activity.

StilachiRAT is designed to evade detection by erasing event logs and identifying if it is operating in a sandbox environment to hinder analysis. Additionally, the malware can steal credentials stored in Google Chrome’s local state file and track clipboard activity to capture sensitive data such as passwords and crypto keys.

Furthermore, Microsoft has yet to link StilachiRAT to a known threat group or region. The company stated that, based on its current analysis, the malware is not widely distributed at this stage.

“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” Microsoft wrote.

Microsoft cautions that StilachiRAT and similar malware can infiltrate devices through multiple attack methods, often disguising themselves as legitimate software or official updates to deceive users.

To reduce the risk of malware infections, Microsoft advises users to download software only from official developer websites or trusted sources, emphasizing the importance of cybersecurity best practices.

MICHAELA

Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.


Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is the official publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
