Microsoft has identified a new remote access trojan (RAT) designed to steal cryptocurrency from users by targeting 20 different wallet extensions on Google Chrome.
In a blog post published on March 17, Microsoft’s Incident Response Team revealed that it had been tracking the malware, StilachiRAT, since November 2024. The malware can extract sensitive data, including credentials stored in browsers, digital wallet information, and clipboard content.
Once deployed, StilachiRAT scans a victim’s device for specific crypto wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet. Microsoft’s analysis of the malware’s WWStartupCtrl64.dll module showed it employs multiple techniques to siphon information from compromised systems.
StilachiRAT not only steals credentials but also extracts saved login details from Chrome’s local state file and monitors clipboard activity to capture passwords and crypto keys. Additionally, it employs advanced evasion tactics, like clearing event logs and detecting sandbox environments, complicating analysis efforts.
While Microsoft has yet to identify the hackers behind StilachiRAT, it has publicly disclosed its findings to help mitigate potential attacks.
“At this time, we have not observed widespread distribution,” Microsoft stated. “However, given its stealth capabilities and the fast-evolving nature of malware, we are sharing this information as part of our ongoing efforts to monitor, analyze, and report on cyber threats.”
To protect against such threats, Microsoft recommends users install antivirus software and enable cloud-based anti-malware and anti-phishing protections.
The discovery comes amid growing concerns over cryptocurrency-related cybercrime. In February alone, nearly $1.53 billion was lost to hacks, scams, and exploits, with the Bybit hack accounting for $1.4 billion of that total, according to blockchain security firm CertiK.
Meanwhile, Chainalysis’ 2025 Crypto Crime Report highlights a shift in cybercrime tactics, noting that cryptocurrency crime is now highly professionalized. The report points to the rise of AI-driven scams, stablecoin laundering, and organized cyber syndicates, with illicit transactions totalling $51 billion over the past year.