Microsoft discovers StilachiRAT malware threatening cryptocurrency wallets' security

Microsoft has released a warning about a new type of malware, StilachiRAT, which secretly attacks cryptocurrency wallets and extracts data from browsers such as Google Chrome.

Based on a Mar. 17 announcement, StilachiRAT is a remote access trojan (RAT) that is designed to avoid detection and steal sensitive information.

Crypto users are at risk from StilachiRAT. Notably, the malware actively searches for crypto wallet extensions in Google Chrome, targeting at least 20 different wallets, such as MetaMask, Trust Wallet, Phantom, Coinbase, BNB Chain, and Bitget Wallet, among others.

Upon detection, the malware can extract stored credentials and configuration data, enabling attackers to drain victims' funds.

Furthermore, StilachiRAT monitors clipboard activity, searching for cryptocurrency keys and passwords that users may have copied, making it a direct threat to digital asset security.

The malware enables attackers to remotely execute commands, clear logs, and manipulate registry settings to maintain access. It uses anti-forensic measures, such as detecting analysis tools and delaying execution, to bypass security monitoring.

One of its main capabilities is system reconnaissance. StilachiRAT collects comprehensive information about the infected device, including OS details, hardware identifiers, and active applications. It also monitors Remote Desktop Protocol sessions, allowing attackers to impersonate users and move laterally across networks.

Although Microsoft has not yet attributed the malware to a specific threat actor, it warns that its stealth and sophisticated evasion tactics make it a serious threat.

While it is not yet widespread, Microsoft has urged users to be cautious.

"Malware like StilachiRAT can be installed through multiple vectors; therefore, it is critical to implement security hardening measures to prevent the initial compromise," the tech giant advised.

Recommended precautions include downloading software only from official sources, enabling Microsoft Defender real-time protection, turning on cloud-delivered security, and using SmartScreen to block malicious websites.

The crypto sector has long been targeted using increasingly sophisticated malware and cyberattacks. From trojans that drain wallets to phishing scams, attackers continue to develop their tactics to exploit vulnerabilities.

As previously reported by crypto.news, the $1.4 billion Bybit hack, the biggest crypto theft to date, allegedly began with malware disguised as a fake stock investment project.

Late last year, on-chain investigator Taylor Monahan identified a sophisticated social engineering scheme that pushed malware onto victims' devices during a fake job interview process.