Microsoft has uncovered a new trojan, StilachiRAT, posing a threat to cryptocurrency holders using wallet extensions in the Google Chrome browser.
Detection of the New Trojan
In a blog post on March 17, Microsoft's team shared information about the discovery of StilachiRAT, a trojan capable of stealing data from 20 crypto wallet extensions. The trojan can extract sensitive data from the browser, including digital wallet information and data stored in the clipboard.
How StilachiRAT Works
StilachiRAT is designed to steal data from crypto wallet extensions such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet by scanning their configuration information. The malware can extract credentials saved in Chrome's local profile files and monitor clipboard activity for passwords and cryptographic keys. It also uses detection-evasion and anti-forensics techniques, such as clearing Windows event logs and checking whether it is running in a sandbox.
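Two of the behaviours described above leave traces a defender can look for on the endpoint: an event log being cleared, and a process other than the browser reading the files in which Chrome keeps saved credentials. The following is an added example, not code from Microsoft or from the article, of a small detection pass over constructed telemetry. It assumes a simple JSON-lines event format (constructed for this example), Chrome's standard profile layout (the `Login Data` and `Local State` files under `Google\Chrome\User Data`), and the Windows event IDs recorded when the Security log (1102) or System log (104) is cleared. The process name `svchost-updater.exe` in the sample data is a made-up placeholder, not an indicator from the article.

```python
"""Toy detection pass over constructed endpoint telemetry (added example).

Flags two behaviours the article attributes to StilachiRAT:
  1. clearing Windows event logs (Security event 1102, System event 104), and
  2. a non-browser process reading Chrome's saved-credential files.
The event schema and all sample records below are constructed for this example.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Chrome profile files that hold saved credentials and the key protecting them.
# Assumed from Chrome's standard profile layout, not taken from the article.
CHROME_CREDENTIAL_FILES = {"login data", "local state"}
CHROME_PROFILE_MARKER = "/google/chrome/user data/"
BROWSER_PROCESSES = {"chrome.exe"}

# (channel, event id) pairs Windows writes when a log is cleared.
LOG_CLEAR_EVENTS = {("security", 1102), ("system", 104)}


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    detail: str


def check_log_clear(event: dict) -> Optional[Finding]:
    """Rule 1: an event log was cleared (anti-forensics)."""
    channel = event.get("channel", "").lower()
    if (channel, event.get("event_id")) in LOG_CLEAR_EVENTS:
        who = event.get("user", "unknown")
        return Finding(event["host"], "event_log_cleared",
                       f"{channel} log cleared by {who}")
    return None


def check_chrome_credential_access(event: dict) -> Optional[Finding]:
    """Rule 2: a process that is not Chrome read a Chrome credential file."""
    if event.get("type") != "file_read":
        return None
    # Normalise Windows paths so the checks are case- and separator-insensitive.
    path = event.get("path", "").replace("\\", "/").lower()
    filename = path.rsplit("/", 1)[-1]
    proc = event.get("process", "").lower()
    if (filename in CHROME_CREDENTIAL_FILES
            and CHROME_PROFILE_MARKER in path
            and proc not in BROWSER_PROCESSES):
        return Finding(event["host"], "chrome_credential_file_read",
                       f"{proc} read {filename}")
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over each JSON-lines record and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        event = json.loads(line)
        for rule in (check_log_clear, check_chrome_credential_access):
            hit = rule(event)
            if hit is not None:
                findings.append(hit)
    return findings


# Constructed sample telemetry: two benign records and three that should alert.
SAMPLE_LOGS = [
    # Benign: Chrome itself reading its own credential store.
    json.dumps({"host": "ws01", "type": "file_read", "process": "chrome.exe",
                "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    # Suspicious: an unrelated process reading the same file (placeholder name).
    json.dumps({"host": "ws01", "type": "file_read", "process": "svchost-updater.exe",
                "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    # Suspicious: Security log cleared.
    json.dumps({"host": "ws01", "type": "winevent", "channel": "Security",
                "event_id": 1102, "user": "alice"}),
    # Suspicious: System log cleared.
    json.dumps({"host": "ws01", "type": "winevent", "channel": "System",
                "event_id": 104, "user": "alice"}),
    # Benign: an ordinary application error event.
    json.dumps({"host": "ws01", "type": "winevent", "channel": "Application",
                "event_id": 1000, "user": "alice"}),
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(f"[{finding.host}] {finding.rule}: {finding.detail}")
```

Run as a script, the pass prints three findings for the constructed input: one credential-file read by a non-browser process and two cleared event logs. In a real deployment the same rules would sit on a file-access and Windows event feed from an EDR or log forwarder rather than on an in-memory list; the point is that both behaviours are observable without any knowledge of the specific sample.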
Security Measures and Recommendations
Microsoft states that it cannot yet identify who is behind the spread of the malware but hopes that publishing information about StilachiRAT will help reduce the potential risks. Users are advised to use antivirus software and cloud-based anti-phishing and anti-malware components to protect against such threats.
Microsoft continues to monitor cyber threats, aiming to detect and alert users to changes in the malware ecosystem promptly.