
What is StilachiRAT? Microsoft Reveals New Malware Targeting Cryptocurrencies
Microsoft has identified StilachiRAT, a novel remote access trojan aimed at digital wallets. The malware's capability to steal sensitive data from users poses a significant threat to cryptocurrency security.
In a March 17, 2025 incident response, Microsoft disclosed its discovery of StilachiRAT, a new remote access trojan (RAT) that has the potential to steal critical information, such as digital wallet credentials.
According to Microsoft, this malware specifically targets the configuration data of 20 different cryptocurrency wallet extensions for the Google Chrome browser.
“StilachiRAT targets a list of specific cryptocurrency wallet extensions for the Google Chrome browser,” said Microsoft.
In a statement, the Microsoft Incident Response team noted, “They uncovered a novel RAT that employs sophisticated techniques to evade detection and exfiltrate sensitive data.”
StilachiRAT’s Popular Targets: Bitget, OKX, Coinbase, BNB Chain
Initially detected by Microsoft’s Incident Response Team in November 2024, StilachiRAT is capable of infiltrating devices and stealing data while avoiding detection. It specifically targets numerous cryptocurrency wallet extensions on Google Chrome, including major wallets like Bitget, MetaMask, BNB Chain, OKX, Coinbase, and many more.
Additionally, StilachiRAT gathers detailed information about the target device, such as operating system details, hardware identifiers, active Remote Desktop Protocol sessions, and running applications, which allows for extensive profiling of the system.
🚨 New Malware Alert: Your Crypto Wallets Might Be at Risk! 🚨 Microsoft has just revealed this deceptive new malware—StilachiRAT—that targets your crypto.
What it does: It scans for over 20 crypto wallet extensions.
StilachiRAT exemplifies the evolving tactics of cybercriminals who aim to exploit vulnerabilities in the cryptocurrency ecosystem. In 2024, fraudsters stole approximately $9.9 billion in cryptocurrencies on-chain, which marked a 40% increase compared to the previous year.
While Microsoft has not linked StilachiRAT to a specific threat actor or location, they remain vigilant in monitoring the methods used for these attacks.
“Malware like StilachiRAT can be installed through various methods; thus, implementing robust security measures is crucial to prevent initial breaches,” warns Microsoft.
Key Takeaways
- Microsoft has issued a serious warning to cryptocurrency users with the emergence of StilachiRAT, which presents a significant risk to the security of digital assets.
- This malware, first identified by Microsoft’s Incident Response Team, showcases advanced capabilities for device infiltration, data theft, and evading detection.