Trojan Targets Chrome Crypto Wallets

A new Trojan named StilachiRAT has been discovered, and it’s causing concern for users of popular crypto wallet extensions. First identified by Microsoft in November 2024, this malware targets 20 popular crypto wallet extensions used on Google Chrome. Among these, notable targets include MetaMask, Coinbase Wallet, Trust Wallet, and OKX Wallet. The Trojan is designed to steal credentials and sensitive information, putting users’ crypto funds at risk.

StilachiRAT has several capabilities that make it dangerous. It can extract credentials and wallet data from Chrome’s local state file, meaning it can easily access users’ accounts. It also monitors clipboard activity to capture sensitive information, such as cryptocurrency keys. The malware can establish remote connections and modifies Windows services to give attackers persistent access to infected systems. The recent phishing campaign targeting Chrome extension developers has further heightened concerns over the security of browser extensions. Protecting private keys is vital for safeguarding assets against such malware.

StilachiRAT can extract sensitive wallet data, monitor clipboard activity, and maintain persistent access, posing a severe risk to users.

To evade detection, StilachiRAT employs advanced techniques. It clears event logs and checks for sandbox environments, which makes it hard to spot and lets it operate without being noticed. The Trojan can also gather system information, including hardware identifiers and RDP sessions, enhancing its ability to move laterally across networks. Combined with its ability to steal sensitive data, this poses a significant threat to businesses.
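Two of the behaviours described above, modifying Windows services and clearing event logs, each leave standard Windows events: 7045 and 7040 for service changes, 1102 and 104 for log clears. The following is an added triage example, not Microsoft's detection logic or code from this article. The host names, timestamps and 30-minute window are constructed, and it assumes events are forwarded to a central collector so they survive local log clearing.

```python
from datetime import datetime, timedelta

# (channel, event ID) pairs for the two behaviours being correlated.
LOG_CLEARED = {("Security", 1102), ("System", 104)}      # event log cleared
SERVICE_CHANGE = {("System", 7045), ("System", 7040)}    # service installed / start type changed

# Constructed sample records, shaped like centrally forwarded events.
SAMPLE_EVENTS = [
    {"host": "ws-014", "time": "2025-03-01T09:12:05", "channel": "System", "id": 7045},
    {"host": "ws-014", "time": "2025-03-01T09:14:40", "channel": "Security", "id": 1102},
    {"host": "ws-022", "time": "2025-03-01T10:00:00", "channel": "System", "id": 7040},
    {"host": "ws-031", "time": "2025-03-01T11:30:00", "channel": "System", "id": 104},
    {"host": "ws-031", "time": "2025-03-02T16:00:00", "channel": "System", "id": 7045},
]

def correlate(events, window_minutes=30):
    """Return (host, service_change_time, log_clear_time) for every service
    change and log clear seen on the same host within the window."""
    window = timedelta(minutes=window_minutes)
    by_host = {}
    for ev in events:
        key = (ev["channel"], ev["id"])
        if key in LOG_CLEARED:
            kind = "clear"
        elif key in SERVICE_CHANGE:
            kind = "service"
        else:
            continue  # unrelated event
        ts = datetime.fromisoformat(ev["time"])
        by_host.setdefault(ev["host"], {"clear": [], "service": []})[kind].append(ts)

    findings = []
    for host, seen in sorted(by_host.items()):
        for svc in sorted(seen["service"]):
            for clr in sorted(seen["clear"]):
                # Either order counts: a service may be changed just before
                # or just after the logs are wiped.
                if abs(clr - svc) <= window:
                    findings.append((host, svc.isoformat(), clr.isoformat()))
    return findings

if __name__ == "__main__":
    for host, svc, clr in correlate(SAMPLE_EVENTS):
        print(f"{host}: service change at {svc}, log cleared at {clr}")
```

Either event alone is common in normal administration; the pairing on one host in a short window is what merits a closer look.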

The financial implications of such malware are severe. Cybercrime related to cryptocurrencies resulted in losses of $1.53 billion in February alone. The appearance of sophisticated threats like StilachiRAT shows how cybercrime is becoming more professionalized. Microsoft has responded by updating its Defender XDR to detect this Trojan and is actively monitoring the threat landscape.

As of now, StilachiRAT hasn’t spread widely, but its potential for harm remains. Users are urged to stay vigilant, especially regarding clipboard activity and suspicious links. With the rise of threats like StilachiRAT, the safety of crypto assets hangs in the balance, leaving many to wonder just how secure their funds really are.
