Microsoft Warns of StilachiRAT Malware Targeting Crypto Wallets

Author: Shibio
Release Time: 2025-03-18 22:00:50

Microsoft has uncovered a remote access trojan (RAT), dubbed StilachiRAT by its team, that can infiltrate 20 different cryptocurrency wallet extensions on the Google Chrome browser.

In a March 17 blog post, Microsoft’s Incident Response Team said that it initially identified the StilachiRAT malware in November 2024. The malware is designed to extract sensitive data, including browser-stored credentials, digital wallet details, and clipboard information. 

Once deployed, StilachiRAT enables attackers to scan a device’s settings for installed cryptocurrency wallet extensions. The malware targets 20 different wallets, including Bitget Wallet, OKX Wallet, TronLink, and MetaMask, allowing bad actors to extract sensitive financial data.

Microsoft reported that StilachiRAT is equipped with advanced evasion techniques, including the ability to erase event logs and detect sandbox environments. These features help the malware avoid detection and hinder forensic analysis, making it more difficult for security researchers to track its activity.

The malware can also steal credentials stored in Google Chrome’s local state file and track clipboard activity to capture sensitive data such as passwords and crypto keys.
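
For defenders, two of the behaviours described above leave traces in Windows logs: clearing an event log and reading Chrome's Local State file from a process that is not the browser. The following is an added example, not code from Microsoft's report or from this article; the sample events are constructed, and it assumes file-access auditing (Security event 4663) is enabled on the Chrome profile and that Chrome sits in its default install path.

```python
import json

# Constructed sample records (JSON lines), shaped like exported Windows events.
SAMPLE_EVENTS = r"""
{"Channel": "Security", "EventID": 4663, "ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"}
{"Channel": "Security", "EventID": 4663, "ProcessName": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe", "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State"}
{"Channel": "Security", "EventID": 1102}
{"Channel": "System", "EventID": 104}
{"Channel": "Security", "EventID": 4624}
{"Channel": "Application", "EventID": 104}
"""

# 1102 = Security audit log cleared, 104 = log file cleared (System channel).
LOG_CLEARED = {("Security", 1102), ("System", 104)}
LOCAL_STATE_SUFFIX = r"\google\chrome\user data\local state"
# Assumption: default install path. Matching the full path rather than the
# file name keeps a renamed binary elsewhere on disk from passing as Chrome.
ALLOWED_IMAGES = {r"c:\program files\google\chrome\application\chrome.exe"}

def classify(event):
    """Return a finding label for one event record, or None if benign."""
    key = (event.get("Channel"), event.get("EventID"))
    if key in LOG_CLEARED:
        return "event-log-cleared"
    if key == ("Security", 4663):  # object access audit record
        obj = event.get("ObjectName", "").lower()
        proc = event.get("ProcessName", "").lower()
        if obj.endswith(LOCAL_STATE_SUFFIX) and proc not in ALLOWED_IMAGES:
            return "local-state-read-by-non-browser"
    return None

def scan(text):
    """Scan JSON-lines text and return (line_number, label) findings."""
    findings = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        label = classify(event)
        if label:
            findings.append((n, label))
    return findings

if __name__ == "__main__":
    for n, label in scan(SAMPLE_EVENTS):
        print(n, label)
```

A log-cleared finding is worth forwarding off-host as soon as it is seen, since the local copy of earlier events is gone by the time anyone investigates.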

Microsoft has yet to link StilachiRAT to a known threat group or region. The company stated that, based on its current analysis, the malware is not widely distributed at this stage.

“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” Microsoft wrote. 

Microsoft cautions that StilachiRAT and similar malware can infiltrate devices through multiple attack methods, often disguising themselves as legitimate software or official updates to deceive users.

To reduce the risk of malware infections, Microsoft advises users to download software only from official developer websites or trusted sources, emphasizing the importance of cybersecurity best practices.

Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
