Microsoft warns of new remote access trojan targeting crypto wallets

Microsoft’s Incident Response Team has recently unveiled the emergence of a new remote access trojan (RAT) named StilachiRAT, which poses a serious threat to cryptocurrency holders using specific wallet extensions on the Google Chrome browser. As outlined in a blog post dated March 17, this malware was first detected in November 2024 and is designed to harvest sensitive information, including user credentials and digital wallet details.

StilachiRAT targets crypto wallet data by identifying and scanning for 20 popular wallet extensions installed on the victim’s device, such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet. The malware’s capability to extract credentials saved in the Google Chrome local state file, along with monitoring clipboard activity, enables it to capture crucial information like passwords and cryptocurrency keys.

Microsoft’s analysis revealed several noteworthy features of StilachiRAT, including techniques that allow it to evade detection. The malware can erase event logs and check for signs of being analyzed in a sandbox environment. These evasion capabilities let it operate stealthily without raising alarms.
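Log erasure leaves its own trace on Windows, which defenders can hunt for. The following is an added example, not code from Microsoft or from this article: it scans an exported event log (XML) for log-clear records. The event IDs 1102 and 104 are the standard Windows log-cleared events and are not named in the article; the sample export, host name and account name are constructed.

```python
import xml.etree.ElementTree as ET

# Windows records a cleared log as event 1102 (Security channel) or 104 (System channel).
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}
NS = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'

# Constructed sample export; host and account names are hypothetical.
SAMPLE_XML = f"""<Events>
<Event {NS}><System><EventID>4624</EventID>
  <TimeCreated SystemTime="2025-03-18T09:14:02Z"/>
  <Channel>Security</Channel><Computer>WS-014.example.test</Computer></System></Event>
<Event {NS}><System><EventID>1102</EventID>
  <TimeCreated SystemTime="2025-03-18T09:20:41Z"/>
  <Channel>Security</Channel><Computer>WS-014.example.test</Computer></System>
  <UserData><LogFileCleared><SubjectUserName>jdoe</SubjectUserName>
  </LogFileCleared></UserData></Event>
<Event {NS}><System><EventID>104</EventID>
  <TimeCreated SystemTime="2025-03-18T09:20:43Z"/>
  <Channel>System</Channel><Computer>WS-014.example.test</Computer></System>
  <UserData><LogFileCleared><SubjectUserName>jdoe</SubjectUserName>
  <Channel>Application</Channel></LogFileCleared></UserData></Event>
</Events>"""

def _find(parent, name):
    """First element under parent with this local tag name, ignoring namespaces."""
    if parent is None:
        return None
    return next((e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _text(parent, name):
    el = _find(parent, name)
    return el.text.strip() if el is not None and el.text else None

def find_log_clears(xml_text):
    """Return one finding per log-clear event in an exported event log."""
    findings = []
    for event in ET.fromstring(xml_text):
        system, user_data = _find(event, "System"), _find(event, "UserData")
        channel = _text(system, "Channel")
        if (channel, int(_text(system, "EventID") or 0)) not in CLEAR_EVENTS:
            continue
        stamp = _find(system, "TimeCreated")
        findings.append({
            "time": stamp.get("SystemTime") if stamp is not None else None,
            "host": _text(system, "Computer"),
            # Event 104 names the cleared log in UserData; 1102 is always Security.
            "cleared_log": _text(user_data, "Channel") or channel,
            "account": _text(user_data, "SubjectUserName"),
        })
    return findings
```

Because the clear event is written to the log that was just emptied, forwarding events to a central collector keeps the record out of reach of malware on the endpoint.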

At this juncture, Microsoft has not been able to identify the creators of the trojan. However, the company is committed to disseminating information about such threats to reduce the risk of potential victims falling prey to these malicious activities. It emphasizes the importance of maintaining robust security measures, such as utilizing antivirus software and implementing cloud-based anti-phishing and anti-malware solutions on devices.

Currently, reports indicate that StilachiRAT has not achieved widespread distribution, but the rapid evolution of malware tactics necessitates ongoing vigilance. This concern is underscored by broader statistics showcasing the rampant rise in cryptocurrency-related scams and hacks. According to blockchain security firm CertiK, losses attributed to these malicious activities reached nearly $1.53 billion in February alone, with a staggering $1.4 billion coming from a single incident involving the Bybit exchange.

The evolving landscape of cybercrime within the cryptocurrency sphere has been highlighted in Chainalysis’s 2025 Crypto Crime Report, which illustrates an increase in professionalization among cybercriminals. The report notes a concerning trend characterized by AI-driven scams and organized cyber syndicates, with illicit transaction volumes reaching approximately $51 billion over the past year.

In summary, the findings surrounding StilachiRAT serve as a critical reminder for cryptocurrency users to enhance their cybersecurity practices. As the malware environment continues to grow and adapt, remaining informed and cautious becomes essential for safeguarding digital assets.

Laura Bennett

Laura Bennett is a digital marketing strategist and writer with a keen eye for online trends and audience engagement. With over seven years of experience, she specializes in data-driven content and digital growth strategies. Based in Virginia Beach, VA, Laura covers the latest in marketing, business, and online branding.
