Microsoft Alerts Users to New Remote Access Trojan Targeting Crypto Wallets

Tech giant Microsoft has identified a new remote access trojan (RAT) designed to target cryptocurrency holdings within 20 different wallet extensions for Google Chrome.

In a blog post on March 17, Microsoft’s Incident Response Team revealed that the malware, named StilachiRAT, was first detected in November. It has been found to extract sensitive data such as stored browser credentials, digital wallet details, and clipboard information.

Once deployed, attackers can exploit StilachiRAT to scan device configurations for installed crypto wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, among others. This allows them to siphon cryptocurrency from unsuspecting users.


“An analysis of StilachiRAT’s WWStartupCtrl64.dll module, which houses its RAT functionalities, revealed its ability to employ various techniques to harvest information from compromised systems,” Microsoft explained.

Beyond its primary goal of stealing digital assets, the malware can access credentials stored within Google Chrome’s local state file and track clipboard activity for valuable data like passwords and crypto keys.

StilachiRAT is also equipped with stealth mechanisms to avoid detection. It can clear event logs and check whether it is being analyzed in a sandbox environment, making it more difficult for security professionals to investigate its behavior, Microsoft added.

While the exact identity of the threat actors remains unknown, Microsoft hopes that disclosing details about the malware will help prevent further infections.

“At present, our insights suggest that this malware is not widely distributed,” Microsoft stated. “However, given its stealth capabilities and the rapidly evolving malware landscape, we are sharing this intelligence to assist with tracking, analyzing, and mitigating emerging threats.”

To protect against such attacks, Microsoft advises users to install reputable antivirus programs, enable cloud-based anti-phishing tools, and implement robust anti-malware measures.

The cryptocurrency sector remains a prime target for cybercriminals. Losses from scams, hacks, and exploits totaled approximately $1.53 billion in February alone, with the Bybit breach accounting for $1.4 billion of the losses, according to blockchain security firm CertiK.

Additionally, blockchain analytics company Chainalysis reported in its 2025 Crypto Crime Report that digital asset-related crimes have become more sophisticated, with AI-driven scams, stablecoin laundering, and highly efficient cybercriminal networks pushing illicit transaction volumes to $51 billion in the past year.

For more news, find me on Twitter (Giannis Andreou) and subscribe to my channels on YouTube and Rumble.
