Crypto Wallet Trojan StilachiRAT: Microsoft's Warning
Microsoft's Incident Response Team has issued a warning about StilachiRAT, a newly discovered remote access trojan (RAT) targeting cryptocurrency stored in popular browser extensions. The malware, first identified in November 2024, specifically targets 20 different cryptocurrency wallet extensions for the Google Chrome browser, including well-known names such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
How StilachiRAT Works
StilachiRAT operates by scanning infected devices for the presence of these targeted wallet extensions. Once detected, it siphons off sensitive data, including:
- Credentials stored in the browser
- Digital wallet information
- Clipboard data, which may contain private keys or passwords
The malware also employs advanced evasion techniques, including clearing event logs and checking for sandbox environments to hinder analysis. This makes detection and removal more challenging.
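One way to spot the event-log clearing mentioned above, as an added example that is not from Microsoft's report or this article: Windows writes event 1102 (Security channel) and event 104 (System channel) from the Microsoft-Windows-Eventlog provider when a log is cleared. The JSON-lines export format, the field names and the sample records are constructed assumptions.

```python
import json
from collections import defaultdict

PROVIDER = "Microsoft-Windows-Eventlog"
# (channel, event ID) pairs Windows writes when an event log is cleared.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample export, one JSON object per line (field names are assumed).
SAMPLE = r'''
{"Time":"2025-03-18T09:14:02Z","Computer":"WS-041","Channel":"Security","Provider":"Microsoft-Windows-Security-Auditing","Id":4624,"User":"CORP\\alice"}
{"Time":"2025-03-18T09:20:11Z","Computer":"WS-041","Channel":"Security","Provider":"Microsoft-Windows-Eventlog","Id":1102,"User":"CORP\\alice"}
{"Time":"2025-03-18T09:20:12Z","Computer":"WS-041","Channel":"System","Provider":"Microsoft-Windows-Eventlog","Id":104,"User":"CORP\\alice","Cleared":"Application"}
{"Time":"2025-03-18T09:31:40Z","Computer":"WS-007","Channel":"Application","Provider":"ExampleApp","Id":104,"User":"CORP\\bob"}
{"Time":"2025-03-18T09:32:00Z","Computer":"WS-007","Channel":"Secur
'''

def find_log_clears(text):
    """Return (hits, skipped): log-clear events and the count of unparseable lines."""
    hits, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            key = (ev["Channel"], int(ev["Id"]))
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or malformed record; count it, do not crash
            continue
        # Match channel, ID and provider together: ID 104 from another
        # provider or channel is an unrelated application event.
        if key in CLEAR_EVENTS and ev.get("Provider") == PROVIDER:
            hits.append(ev)
    return hits, skipped

def hosts_by_cleared_logs(hits):
    """Map each host to the set of logs that were cleared on it."""
    out = defaultdict(set)
    for ev in hits:
        # Event 104 names the cleared log in its data; 1102 always means Security.
        out[ev["Computer"]].add(ev.get("Cleared", ev["Channel"]))
    return dict(out)

if __name__ == "__main__":
    hits, skipped = find_log_clears(SAMPLE)
    for host, logs in hosts_by_cleared_logs(hits).items():
        print(f"{host}: cleared {sorted(logs)} by {hits[0]['User']}")
    print(f"{skipped} unparseable line(s) skipped")
```

Forwarding these events to a central collector before they can be wiped locally is what makes the check useful, since a cleared log on the endpoint no longer holds the earlier records.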
Protecting Yourself from StilachiRAT
While Microsoft hasn't identified the perpetrators, it emphasizes the importance of proactive security measures. To mitigate the risk of infection, users should:
- Maintain updated antivirus software
- Utilize cloud-based anti-phishing and anti-malware solutions
The Growing Threat of Crypto Malware
The discovery of StilachiRAT highlights the escalating threat of sophisticated malware targeting the cryptocurrency industry. Losses from crypto scams, exploits, and hacks reached nearly $1.53 billion in February 2025 alone, according to CertiK. This underscores the need for robust security practices across the entire ecosystem.
Codeum, a leading blockchain security and development platform, offers a range of services to help protect your digital assets, including smart contract audits, KYC verification, and custom smart contract and DApp development. We also provide tokenomics and security consultation, and forge partnerships with launchpads and crypto agencies. Contact us today to learn how we can help secure your blockchain project.