Microsoft Uncovers New Malware StilachiRAT Targeting Crypto Wallets

StilachiRAT Poses Stealthy Threat to Crypto Users
Microsoft security researchers have identified a new malware strain, StilachiRAT, built to target popular cryptocurrency wallet browser extensions, putting digital asset holders at significant risk. The remote access trojan, first discovered in November 2024, can extract and decrypt credentials saved in the browser for widely used wallet extensions, including MetaMask, Coinbase Wallet, Phantom, and Keplr. By targeting Google Chrome wallet extensions, the malware can harvest usernames, passwords, and other sensitive data, giving attackers unauthorized access to crypto funds.
StilachiRAT operates as an advanced information-gathering tool, persistently monitoring clipboard content for cryptocurrency keys and passwords. Researchers observed it using regular expressions to scan clipboard text for credentials, with a particular focus on data related to the Tron network, which is widely used in China. Microsoft flagged the malware's ability to systematically extract information from an extensive list of wallet extensions, including Trust Wallet, Bitget Wallet, TronLink, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, and multiple others.
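As an added illustration of the clipboard-scanning behaviour described above (this is not code from Microsoft's report or from the malware), the Python below runs a handful of regular expressions over successive clipboard reads and flags anything that looks like a wallet secret. The same logic is what a defender can reuse in a DLP or endpoint rule. Microsoft did not publish StilachiRAT's actual expressions, so the patterns, the polling loop, and every clipboard sample here are constructed assumptions; the addresses and keys are made up and not funded.

```python
import re

# Illustrative patterns (assumptions). Microsoft did not publish the malware's
# actual expressions; these cover common on-clipboard secret formats.
PATTERNS = {
    # Tron base58 address: 'T' followed by 33 base58 characters
    "tron_address": re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b"),
    # EVM-style account address (MetaMask, BNB Chain, etc.)
    "evm_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    # Raw 32-byte private key as hex, with or without 0x prefix
    "hex_private_key": re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
}


def looks_like_mnemonic(text: str) -> bool:
    """BIP-39 seed phrases are 12 or 24 lowercase words; no wordlist check here."""
    words = text.split()
    return len(words) in (12, 24) and all(w.isalpha() and w.islower() for w in words)


def classify_clipboard(text: str) -> list[str]:
    """Return the names of every secret-looking pattern found in one clipboard read."""
    hits = [name for name, rx in PATTERNS.items() if rx.search(text)]
    if looks_like_mnemonic(text):
        hits.append("bip39_mnemonic")
    return hits


def watch(clipboard_reads):
    """Emulate the polling loop: skip unchanged reads, record every flagged one.

    A real implementation polls the OS clipboard; here the reads are supplied as
    an iterable of strings so the logic runs offline.
    """
    last = None
    events = []
    for content in clipboard_reads:
        if content == last:
            continue
        last = content
        hits = classify_clipboard(content)
        if hits:
            events.append((content[:12] + "...", hits))
    return events


# Constructed clipboard contents (not real keys or funded addresses).
SAMPLE_READS = [
    "meeting moved to 3pm",
    "TXyZ9mQ4eZK7tW1bA2cD3eF4gH5jK6mN7p",
    "TXyZ9mQ4eZK7tW1bA2cD3eF4gH5jK6mN7p",  # duplicate read, should be skipped
    "0x" + "deadbeef" * 8,
    "abandon " * 11 + "about",
]

if __name__ == "__main__":
    for preview, hits in watch(SAMPLE_READS):
        print(preview, hits)
```

The 64-hex rule deliberately sits alongside the 40-hex address rule: the word-boundary anchors keep a private key from being misreported as an address, which matters when the same rule set is used to decide whether a clipboard event should page someone.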
Aaron Walton, a Threat Intelligence Analyst at Expel, highlighted the dangers posed by info-stealing malware, noting that attackers rely on social engineering tactics to deceive victims into downloading malicious code. These schemes range from fake job offers and deceptive downloads to fraudulent captcha verifications interrupting a user's browsing session. Walton emphasized that cybercriminals are motivated by the potential for substantial financial gain and have developed sophisticated methods to evade security measures, often bypassing even enterprise-level defenses.
Microsoft's investigation indicates that StilachiRAT uses anti-forensic techniques to cover its tracks, such as clearing event logs, alongside evasive behaviour intended to avoid detection. The Microsoft Incident Response team reported that although the malware is not currently seeing widespread distribution, its stealth capabilities and the evolving threat landscape warrant continuous monitoring. Given how quickly malware strains adapt, Microsoft has disclosed its findings as part of its broader effort to track and mitigate emerging cybersecurity risks.
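Clearing an event log leaves a trace of its own, and that trace is the detection hook a practitioner wants for the anti-forensic behaviour described above. The Python below is an added example, not part of Microsoft's write-up: it parses a constructed key=value log export, flags the records Windows writes when a log is wiped (event 1102 in the Security log, event 104 in the System log), and then groups clears per user so that several wipes in quick succession surface as one scripted-cleanup alert. The export format, the sample lines, the user names and the 60-second window are all assumptions made for the example.

```python
from datetime import datetime

# Constructed event-log export lines (not real telemetry): an ISO timestamp
# followed by key=value fields, roughly what a SIEM forwarder might emit.
SAMPLE_LINES = [
    "2025-03-17T10:01:02Z Channel=Security EventID=4624 User=alice",
    "2025-03-17T10:05:40Z Channel=Security EventID=1102 User=SYSTEM",
    "2025-03-17T10:05:41Z Channel=System EventID=104 User=SYSTEM",
    "2025-03-17T10:05:43Z Channel=System EventID=104 User=SYSTEM",
    "2025-03-17T13:00:00Z Channel=Application EventID=1000 User=alice",
]

# Windows records a log wipe as an event of its own: 1102 in the Security log
# ("The audit log was cleared") and 104 in the System log
# ("The ... log file was cleared"). Either is worth an alert on a host that
# normally keeps its logs.
LOG_CLEAR_SIGNATURES = {("Security", 1102), ("System", 104)}


def parse_lines(lines):
    """Turn the key=value export into dicts with a real datetime and int EventID."""
    events = []
    for line in lines:
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "channel": rec["Channel"],
            "event_id": int(rec["EventID"]),
            "user": rec["User"],
        })
    return events


def find_log_clearing(events):
    """Every record that is itself evidence of a cleared log."""
    return [e for e in events if (e["channel"], e["event_id"]) in LOG_CLEAR_SIGNATURES]


def find_clearing_bursts(events, window_seconds=60, min_count=2):
    """Group clears per user; several inside one window look like scripted
    cleanup rather than an administrator tidying a single log."""
    bursts = []
    by_user = {}
    for e in find_log_clearing(events):
        by_user.setdefault(e["user"], []).append(e)
    for user, clears in by_user.items():
        clears.sort(key=lambda e: e["time"])
        i = 0
        while i < len(clears):
            j = i
            while (j + 1 < len(clears)
                   and (clears[j + 1]["time"] - clears[i]["time"]).total_seconds() <= window_seconds):
                j += 1
            if j - i + 1 >= min_count:
                bursts.append({"user": user, "start": clears[i]["time"], "count": j - i + 1})
            i = j + 1
    return bursts


if __name__ == "__main__":
    evts = parse_lines(SAMPLE_LINES)
    for e in find_log_clearing(evts):
        print("log cleared:", e)
    for b in find_clearing_bursts(evts):
        print("burst:", b)
```

Because the clear-log records are themselves the last thing written before a wipe, forwarding them off-host as they occur is what makes this rule useful; a wipe that succeeds locally cannot remove a copy that already left the machine.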
This article has been refined and enhanced by ChatGPT.