Tech giant Microsoft has identified a new remote access trojan (RAT) called StilachiRAT, which specifically targets cryptocurrency holdings stored in 20 different wallet extensions on the Google Chrome browser.
According to a March 17 blog post from Microsoft’s Incident Response Team, the malware was first detected in November 2024. StilachiRAT is designed to steal sensitive data, including credentials stored in the browser, crypto wallet details, and clipboard information.
How StilachiRAT Steals Crypto
Once deployed, StilachiRAT scans device settings to detect the presence of popular crypto wallets such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet. If it finds any of these extensions, it extracts and siphons critical user data.
Microsoft’s analysis of WWStartupCtrl64.dll, a module within StilachiRAT, revealed that it employs multiple techniques to steal information. The malware can:
- Extract saved credentials from Google Chrome’s local state file.
- Monitor clipboard activity to capture passwords and private crypto keys.
- Employ anti-forensic features like clearing event logs to evade detection.
- Detect whether it is running in a sandboxed environment, blocking attempts to analyze it.
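One way a defender might hunt for two of the behaviours listed above, as an added example that is not from Microsoft's post or this article: a small Python triage function over constructed Windows event records, flagging Sysmon image-load events for the WWStartupCtrl64.dll module and the Security/System "log cleared" events. The event IDs (Security 1102, System 104, Sysmon 7) are real; the sample records and their field layout are constructed for this example.

```python
"""Triage constructed Windows event records for behaviours the article lists:
clearing event logs and loading the WWStartupCtrl64.dll module.
Event IDs used (real): Security 1102 (audit log cleared), System 104 (log file
cleared), Sysmon 7 (image loaded). All records below are constructed sample data."""
import json

SUSPECT_MODULE = "wwstartupctrl64.dll"  # module name from Microsoft's analysis

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r"""
{"EventID": 7, "Channel": "Microsoft-Windows-Sysmon/Operational", "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
{"EventID": 7, "Channel": "Microsoft-Windows-Sysmon/Operational", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\WWStartupCtrl64.dll"}
{"EventID": 1102, "Channel": "Security", "SubjectUserName": "alice"}
{"EventID": 104, "Channel": "System", "SubjectUserName": "alice"}
{"EventID": 4624, "Channel": "Security", "SubjectUserName": "alice"}
"""


def triage(event_lines: str) -> list[tuple[int, str]]:
    """Return (event_id, reason) findings, in input order, for suspicious records."""
    findings = []
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        eid = ev.get("EventID")
        channel = ev.get("Channel", "")
        if eid == 1102 and channel == "Security":
            # Anti-forensic step: the Security audit log was cleared.
            findings.append((eid, "Security audit log cleared"))
        elif eid == 104 and channel == "System":
            # Anti-forensic step: the System log file was cleared.
            findings.append((eid, "System log cleared"))
        elif eid == 7 and ev.get("ImageLoaded", "").lower().endswith(SUSPECT_MODULE):
            # Sysmon image-load event naming the module from Microsoft's analysis.
            findings.append((eid, f"{ev.get('Image', '?')} loaded {ev['ImageLoaded']}"))
    return findings


if __name__ == "__main__":
    for event_id, reason in triage(SAMPLE_EVENTS):
        print(f"[{event_id}] {reason}")
```

In a real deployment the records would come from a SIEM export rather than an inline string; a log-clear event by itself is not proof of this malware, only a signal worth correlating with the other indicators.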
Who is Behind StilachiRAT?
At this time, Microsoft has not identified the threat actors behind StilachiRAT. However, it has publicly shared information on the malware to mitigate its impact and warn crypto users about potential risks.
“Based on our current visibility, StilachiRAT does not show widespread distribution,” Microsoft noted. “However, its stealth capabilities and the rapid evolution of malware ecosystems remain a serious concern.”
Crypto Theft on the Rise
Microsoft’s warning comes amid a surge in crypto-related cyber threats. Blockchain security firm CertiK reported that crypto scams and hacks led to $1.53 billion in losses in February, with the Bybit hack alone accounting for $1.4 billion.
A 2025 Crypto Crime Report from Chainalysis further highlighted the professionalization of crypto crime, dominated by AI-driven scams, stablecoin laundering, and sophisticated cyber syndicates. The total illicit transaction volume reportedly hit $51 billion in the past year.
How to Stay Protected
To avoid falling victim to malware like StilachiRAT, Microsoft advises users to:
- Install reputable antivirus software.
- Use cloud-based anti-phishing and anti-malware tools.
- Regularly update browser and security settings.
- Be cautious of suspicious links and downloads.
As cyber threats continue to evolve, crypto users must remain vigilant and prioritize security to safeguard their assets.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.