Microsoft Warns of New Remote Access Trojan Targeting Crypto Wallets

StilachiRAT Malware Poses Threat to 20 Crypto Wallet Extensions

Microsoft has issued a warning about a newly discovered remote access trojan (RAT) known as StilachiRAT, which targets cryptocurrency wallets that run as Google Chrome extensions. The malware, first identified in November 2024, is capable of stealing browser credentials, digital wallet information, and clipboard data, posing a serious threat to crypto users.

According to a March 17 report from Microsoft’s Incident Response Team, StilachiRAT is designed to scan device settings and identify 20 different crypto wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet. Once deployed, the malware can extract sensitive data and allow cybercriminals to remotely access and drain funds from compromised wallets.

How StilachiRAT Operates

Microsoft’s analysis revealed that StilachiRAT leverages multiple techniques to collect information from an infected system.

  • Credential Theft: The malware extracts saved credentials from Google Chrome’s local state file, giving attackers access to stored passwords.
  • Clipboard Monitoring: It actively monitors clipboard activity to capture crypto wallet addresses, passwords, and private keys.
  • Evasion Tactics: StilachiRAT includes anti-forensic features, such as the ability to clear event logs and detect sandbox environments, making it difficult for analysts to track its activity.

Unknown Attacker, But a Growing Concern

At present, Microsoft has not identified the actors behind StilachiRAT but emphasized that sharing this information publicly could help mitigate its impact.

“Based on our current visibility, the malware does not exhibit widespread distribution,” Microsoft noted. “However, due to its stealth capabilities and the rapidly evolving malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on emerging threats.”

Crypto Security Risks Continue to Rise

Microsoft’s warning comes amid a growing wave of cyber threats targeting the crypto industry.

In February 2025, losses from crypto scams, hacks, and exploits totaled approximately $1.53 billion, with the Bybit hack alone accounting for $1.4 billion of that sum, according to blockchain security firm CertiK.

Meanwhile, Chainalysis’ 2025 Crypto Crime Report highlighted that crypto-related crime is becoming more sophisticated, driven by AI-powered scams, stablecoin laundering, and organized cybercrime networks. The report estimated that illicit crypto transactions reached $51 billion over the past year.

How to Protect Against Malware Threats

To safeguard against malware like StilachiRAT, Microsoft recommends that users:

  • Use reputable antivirus software to detect and block threats.
  • Enable cloud-based anti-phishing and anti-malware tools for real-time protection.
  • Regularly update browser extensions and verify that they come from official sources.
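
As an added illustration of the last recommendation (this is not code from Microsoft's report), the Python sketch below inventories the extensions in a Chrome profile and marks any whose manifest does not point at the Chrome Web Store update endpoint. It assumes Chrome's usual on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`; the sample profile, extension names and IDs are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# Update endpoint that Chrome Web Store packages record in manifest.json.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def audit_extensions(profile_dir):
    """List every extension version under <profile>/Extensions with its install source."""
    findings = []
    for path in sorted(Path(profile_dir, "Extensions").glob("*/*/manifest.json")):
        record = {"id": path.parent.parent.name, "version_dir": path.parent.name}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # A damaged or unparsable manifest is itself worth a closer look.
            findings.append({**record, "name": None, "status": "unreadable"})
            continue
        from_store = manifest.get("update_url") == WEB_STORE_UPDATE_URL
        findings.append({**record, "name": manifest.get("name"),
                         "status": "web-store" if from_store else "review"})
    return findings

def build_sample_profile(root):
    """Write a constructed profile with three made-up extensions (not real IDs)."""
    samples = {
        "a" * 32: '{"name": "Sample Wallet", "update_url": "%s"}' % WEB_STORE_UPDATE_URL,
        "b" * 32: '{"name": "Sideloaded Helper", "version": "0.1"}',
        "c" * 32: '{"name": "Truncated',
    }
    for ext_id, text in samples.items():
        version_dir = Path(root, "Extensions", ext_id, "1.0_0")
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(text, encoding="utf-8")
    return root

def demo():
    """Audit the constructed profile and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_extensions(build_sample_profile(tmp))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A "review" status means only that the extension did not arrive through the Web Store update channel; developer-mode and enterprise-deployed extensions land there too, so each one is checked by hand.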

With cybercriminals continuously refining their tactics, staying proactive about security is essential for anyone holding crypto assets. Microsoft urges the community to remain vigilant and adopt best practices to protect against emerging cyber threats.
