StilachiRAT: A Growing Threat to Cryptocurrency Users
Microsoft has identified StilachiRAT, a dangerous remote access trojan (RAT) designed to steal data from cryptocurrency wallets and web browsers. The malware actively scans Google Chrome for wallet extensions, targeting at least 20 digital wallets, including:
- MetaMask
- Trust Wallet
- Phantom
- Coinbase
- BNB Chain
- Bitget Wallet
Once it detects these wallets, StilachiRAT extracts credentials and configuration details, allowing attackers to drain funds from victims’ accounts.
How StilachiRAT Steals Crypto Assets
This malware goes beyond simply scanning browser data. StilachiRAT also:
- Monitors clipboard activity to steal copied cryptocurrency keys and passwords
- Executes remote commands to control infected devices
- Clears logs and manipulates registry settings for persistence
- Uses anti-forensic techniques to evade detection
- Collects detailed system data, including operating system details and active applications
- Monitors Remote Desktop Protocol (RDP) sessions, allowing hackers to impersonate users
By combining these tactics, attackers can maintain long-term access to compromised systems, increasing the risk for crypto users.
Microsoft’s Security Recommendations
Although StilachiRAT is not yet widespread, Microsoft warns that proactive defense is crucial. The company advises users to:
- Download software only from official sources
- Enable Microsoft Defender real-time protection
- Turn on cloud-delivered protection
- Use SmartScreen to block malicious websites and downloads
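The three Defender-related recommendations above can be verified on an endpoint rather than taken on trust. The script below is an added example written for this article; it is not Microsoft's code and not part of the original advisory. It reads the real-time protection state from Get-MpComputerStatus, the cloud-delivered protection (MAPS) level from Get-MpPreference, and the SmartScreen state from the policy and per-user registry values, then returns one row per control with an Ok flag. The interpretation of an absent SmartScreen value as "confirm manually" is the author's assumption, not a documented default.

```powershell
# Added example: audit the Defender and SmartScreen settings recommended above.
# Run in an elevated PowerShell on Windows 10/11 with the Defender module present.

function Get-DefenderPostureReport {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    $rows   = @()

    # 1. Real-time protection must be on.
    $rows += [pscustomobject]@{
        Control  = 'Defender real-time protection'
        Expected = 'Enabled'
        Actual   = if ($status.RealTimeProtectionEnabled) { 'Enabled' } else { 'Disabled' }
        Ok       = [bool]$status.RealTimeProtectionEnabled
    }

    # 2. Cloud-delivered protection: MAPSReporting 0 = Disabled, 1 = Basic, 2 = Advanced.
    $mapsLevel = [int]$pref.MAPSReporting
    $rows += [pscustomobject]@{
        Control  = 'Cloud-delivered protection (MAPS)'
        Expected = 'Basic or Advanced'
        Actual   = @('Disabled', 'Basic', 'Advanced')[$mapsLevel]
        Ok       = ($mapsLevel -gt 0)
    }

    # 3. SmartScreen for Explorer and downloaded files. A machine-wide policy
    #    (EnableSmartScreen = 1) wins when present; otherwise the per-user value
    #    applies ('Warn', 'Block', or 'Off'). Assumption: an absent value is
    #    reported as a finding so an administrator confirms it by hand.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' `
                               -Name EnableSmartScreen -ErrorAction SilentlyContinue
    $user   = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                               -Name SmartScreenEnabled -ErrorAction SilentlyContinue
    if ($policy) {
        $ssActual = "Policy EnableSmartScreen=$($policy.EnableSmartScreen)"
        $ssOk     = ($policy.EnableSmartScreen -eq 1)
    } elseif ($user) {
        $ssActual = "User SmartScreenEnabled=$($user.SmartScreenEnabled)"
        $ssOk     = ($user.SmartScreenEnabled -ne 'Off')
    } else {
        $ssActual = 'Not configured (verify manually)'
        $ssOk     = $false
    }
    $rows += [pscustomobject]@{
        Control  = 'SmartScreen (Explorer / downloads)'
        Expected = 'Warn or Block'
        Actual   = $ssActual
        Ok       = $ssOk
    }

    return $rows
}

# Re-enable the two Defender settings that can be fixed from this script.
# SmartScreen is intentionally left to policy so this does not fight Group Policy.
function Repair-DefenderPosture {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $report = Get-DefenderPostureReport
    foreach ($row in $report | Where-Object { -not $_.Ok }) {
        switch -Wildcard ($row.Control) {
            'Defender real-time*' {
                if ($PSCmdlet.ShouldProcess('Defender', 'Enable real-time protection')) {
                    Set-MpPreference -DisableRealtimeMonitoring $false
                }
            }
            'Cloud-delivered*' {
                if ($PSCmdlet.ShouldProcess('Defender', 'Set MAPSReporting to Advanced')) {
                    Set-MpPreference -MAPSReporting Advanced
                }
            }
            default { Write-Warning "$($row.Control): $($row.Actual) - fix via policy" }
        }
    }
}

Get-DefenderPostureReport | Format-Table -AutoSize
```

Run Repair-DefenderPosture -WhatIf first to see which settings would change; on a tamper-protected device the Set-MpPreference calls are expected to be refused, which is the intended behaviour and should be treated as a sign that the setting is centrally managed rather than broken.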
Crypto Industry Faces Persistent Cyber Threats
The cryptocurrency sector has always been a prime target for cybercriminals. Malware attacks and phishing scams continue to evolve, leading to major security breaches.
In one of the largest hacks to date, the $1.4 billion Bybit attack allegedly began with malware disguised as a fake stock investment platform. Similarly, cybercriminals have used social engineering tactics, such as fake job interviews, to distribute malware.
StilachiRAT’s command-and-control (C2) channel lets the operators issue a range of commands to the infected host, including:
- System reboots
- Credential theft
- Application execution
- Suspending the system
- Manipulating Windows registry settings
With such advanced capabilities, StilachiRAT poses a serious threat to crypto holders and businesses.
Final Thoughts
Microsoft’s warning highlights the growing sophistication of malware targeting the crypto industry. Users must remain vigilant, implement strong security measures, and stay informed about emerging threats like StilachiRAT.