TLDR
- Microsoft discovered “StilachiRAT,” a new remote access trojan targeting crypto wallets in Chrome browser extensions
- The malware can steal data from 20 different wallet extensions including Coinbase, Trust Wallet, MetaMask, and OKX
- StilachiRAT steals credentials by extracting saved browser data and monitoring clipboard activity for sensitive information
- The malware uses advanced evasion techniques including clearing event logs and detecting analysis attempts
- Microsoft reports the malware doesn’t have widespread distribution yet but warns users to implement security measures
Microsoft’s security team has found a new type of malware that targets cryptocurrency held in browser wallet extensions. The remote access trojan (RAT), named StilachiRAT, can steal data from 20 different crypto wallet extensions in Google Chrome.
Microsoft first discovered this threat in November 2024. Their Incident Response Team published details about it on March 17, 2025, to warn users about the danger.
The malware can steal sensitive information stored in Chrome browsers. This includes usernames, passwords, and digital wallet data that users have saved.
Once StilachiRAT infects a computer, it scans for popular crypto wallet extensions. The list of targeted wallets includes Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
The malware has several methods to steal data. It can extract credentials saved in Chrome’s local storage files where passwords are kept.
It also monitors clipboard activity. This means it can steal information when users copy and paste things like passwords or crypto keys.
StilachiRAT uses advanced techniques to avoid detection. It can clear event logs that might show signs of its activity.
The malware also checks if it’s running in a sandbox environment. Sandboxes are tools security researchers use to analyze malware safely.
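The event-log clearing described above leaves its own trace: Windows writes event ID 1102 to the Security log and event ID 104 to the System log when a log is cleared. The sketch below is an added example, not code from Microsoft's report or this article; it scans exported events for those records and flags hosts where several logs were wiped in one burst. The JSON field names, the sample records, and the five-minute, two-log threshold are assumptions made for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# (channel, event id) pairs Windows records when an event log is cleared.
LOG_CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample records; the field names are an assumed export schema.
SAMPLE_EVENTS = """\
{"time": "2025-03-17T10:02:11", "host": "WS-01", "channel": "System", "event_id": 7036, "cleared_log": null}
{"time": "2025-03-17T10:15:00", "host": "WS-01", "channel": "Security", "event_id": 1102, "cleared_log": "Security"}
{"time": "2025-03-17T10:15:02", "host": "WS-01", "channel": "System", "event_id": 104, "cleared_log": "Application"}
{"time": "2025-03-17T10:15:03", "host": "WS-01", "channel": "System", "event_id": 104, "cleared_log": "System"}
{"time": "2025-03-17T09:00:00", "host": "WS-02", "channel": "System", "event_id": 104, "cleared_log": "Application"}
"""

def find_log_clears(lines):
    """Return the parsed records that are log-clear events, oldest first."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if (rec["channel"], rec["event_id"]) in LOG_CLEAR_EVENTS:
            rec["time"] = datetime.fromisoformat(rec["time"])
            hits.append(rec)
    return sorted(hits, key=lambda r: r["time"])

def hosts_with_clear_bursts(hits, window=timedelta(minutes=5), min_logs=2):
    """Map host -> logs cleared, where min_logs distinct logs fell within window."""
    by_host = defaultdict(list)
    for rec in hits:
        by_host[rec["host"]].append(rec)
    flagged = {}
    for host, recs in by_host.items():
        for i, first in enumerate(recs):
            # Distinct logs cleared from this event onward, inside the window.
            logs = {r["cleared_log"] for r in recs[i:]
                    if r["time"] - first["time"] <= window}
            if len(logs) >= min_logs:
                flagged[host] = sorted(logs)
                break
    return flagged

if __name__ == "__main__":
    hits = find_log_clears(SAMPLE_EVENTS)
    for host, logs in hosts_with_clear_bursts(hits).items():
        print(f"{host}: logs cleared in one burst: {', '.join(logs)}")
```

A single cleared log, as on the constructed host WS-02, can be routine maintenance, which is why the burst check requires more than one log before flagging a host.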
Microsoft hasn’t identified who created this malware yet. They’re sharing information now to help reduce the number of people who might fall victim to it.
Currently, StilachiRAT isn’t widespread according to Microsoft’s data. However, they warn that the threat landscape changes quickly.
The malware demonstrates sophisticated techniques. It can maintain access to infected systems and gather detailed information about them.
Beyond stealing wallet data, StilachiRAT collects system information. This includes operating system details, hardware identifiers, and information about connected cameras.
It establishes communication with remote command-and-control servers. These servers allow hackers to send commands to infected computers.
The hackers can use these connections to control infected systems remotely. They can execute commands including system reboots and registry changes.
Microsoft recommends using antivirus software to protect against this threat. They suggest using cloud-based anti-phishing and anti-malware tools.
This discovery comes at a time when crypto-related crime is rising. According to blockchain security firm CertiK, losses to crypto scams, exploits, and hacks totaled nearly $1.53 billion in February alone.
Blockchain analytics firm Chainalysis reported that the past year saw $51 billion in illicit transaction volume. Their 2025 Crypto Crime Report states that crypto crime has entered a “professionalized era.”
This professional era includes AI-driven scams and stablecoin laundering. It also features efficient cyber criminal groups working together.
Microsoft continues to monitor for information about how StilachiRAT spreads. They note that such malware can be installed through many different methods.
For this reason, they stress that preventive security measures are critical. These measures help stop the initial infection from happening in the first place.