Microsoft has discovered a new trojan, StilachiRAT, which steals cryptocurrency by targeting 20 different wallet extensions on Google Chrome.
How StilachiRAT Operates
In a blog post published on March 17, Microsoft’s Incident Response Team revealed that it has been tracking the StilachiRAT malware since November 2024. The malware extracts data such as browser-stored credentials and digital wallet information. StilachiRAT scans a victim’s device for specific crypto wallets like Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, using various techniques to siphon information. It also extracts saved login details from Chrome’s local state file and monitors clipboard activity for passwords and crypto keys.
Countermeasures and Recommendations
While Microsoft has yet to identify the hackers behind StilachiRAT, it has publicly disclosed its findings to help mitigate potential attacks. According to the company, the trojan's distribution has not yet reached widespread levels. However, given its stealth capabilities, Microsoft advises users to install antivirus software and enable cloud-based anti-malware and anti-phishing protections.
Increase in Cryptocurrency Cybercrime
The discovery of StilachiRAT comes amid growing concerns over cryptocurrency-related cybercrime. In February alone, nearly $1.53 billion was lost to hacks and scams, with the Bybit hack accounting for $1.4 billion of that total. The 2025 Crypto Crime Report highlights a shift towards professionalized crime tactics, pointing to the rise of AI-driven scams and stablecoin laundering.
The discovery of StilachiRAT highlights the increasing complexity of modern cyberattacks related to cryptocurrency. Microsoft continues its efforts to monitor these threats and urges users to take additional measures to protect their data and digital assets.