A new Trojan named StilachiRAT has been discovered, targeting cryptocurrency wallets and posing a serious threat to online users. Detected by Microsoft in November 2024, this malicious software focuses on Google Chrome browser extensions. It specifically targets 20 different cryptocurrency wallet extensions, including popular ones like MetaMask and Coinbase Wallet. StilachiRAT is designed to steal valuable information. It extracts saved credentials and monitors clipboard activity for sensitive data. It can operate as a Windows service or a standalone program, making it difficult to detect. The Trojan employs various evasion techniques, like clearing event logs and checking for analysis tools to avoid being caught. It communicates with command and control (C2) servers through multiple TCP ports, enhancing its stealth.
The malware can also monitor active Remote Desktop Protocol (RDP) sessions, allowing it to duplicate security tokens. This capability raises concerns about further security breaches. StilachiRAT is particularly dangerous for cryptocurrency users because it can access wallet information and steal funds. It harvests data that Chrome holds, including stored passwords and clipboard content, posing a significant risk across devices. The Trojan conducts extensive system reconnaissance to gather detailed information, further increasing its threat level. Users should use cold storage options to protect their assets from such threats.
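Two of the behaviours described above, installing as a Windows service and clearing event logs to cover its tracks, leave a trail in the Windows event logs themselves that a defender can watch for. The script below is an added example, not code from Microsoft's analysis, and does not contain any StilachiRAT indicators. It parses a small constructed log extract in a hypothetical pipe-separated format, flags the well-known log-clearing events (Security event 1102 and System event 104) and correlates them with a preceding service installation (System event 7045) on the same host within a short window; the window length and the log format are assumptions.

```python
"""Detect event-log clearing and correlate it with recent service installs.

Added example for illustration; the log format and sample lines below are
constructed, and the correlation window is an assumed tuning value.
"""
from dataclasses import dataclass
from datetime import datetime

# Real Windows event IDs: (channel, event ID) pairs that record a log being cleared.
LOG_CLEARED_IDS = {
    ("Security", 1102),  # "The audit log was cleared"
    ("System", 104),     # "The System log file was cleared"
}
SERVICE_INSTALLED = ("System", 7045)  # "A service was installed in the system"

# Constructed sample log: timestamp|host|channel|event_id|user (hypothetical format).
SAMPLE_LOG = """\
2025-03-17T10:00:05|host-a|System|7045|SYSTEM
2025-03-17T10:00:40|host-a|Security|1102|SYSTEM
2025-03-17T10:02:00|host-b|Security|4624|alice
2025-03-17T11:30:00|host-c|Security|1102|admin
2025-03-17T12:00:00|host-d|System|7045|SYSTEM
"""


@dataclass
class Event:
    timestamp: datetime
    host: str
    channel: str
    event_id: int
    user: str


def parse_log(text: str) -> list[Event]:
    """Parse the constructed pipe-separated format into Event records, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, channel, eid, user = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), host, channel, int(eid), user))
    return sorted(events, key=lambda e: e.timestamp)


def find_log_clears(events: list[Event]) -> list[Event]:
    """Return every event that records a log being cleared."""
    return [e for e in events if (e.channel, e.event_id) in LOG_CLEARED_IDS]


def correlate_service_then_clear(events: list[Event], window_s: int = 300) -> list[str]:
    """Hosts where a log clear follows a service install within window_s seconds.

    A fresh service followed shortly by a wiped log is a stronger signal than
    either event alone; window_s is an assumed tuning value.
    """
    last_install: dict[str, datetime] = {}
    flagged: list[str] = []
    for e in events:  # events are time-ordered, so a single pass suffices
        if (e.channel, e.event_id) == SERVICE_INSTALLED:
            last_install[e.host] = e.timestamp
        elif (e.channel, e.event_id) in LOG_CLEARED_IDS and e.host in last_install:
            delta = (e.timestamp - last_install[e.host]).total_seconds()
            if 0 <= delta <= window_s and e.host not in flagged:
                flagged.append(e.host)
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for clear in find_log_clears(evs):
        print(f"log cleared on {clear.host} at {clear.timestamp} by {clear.user}")
    print("service install followed by log clear:", correlate_service_then_clear(evs))
```

In a real deployment the parser would be replaced by whatever the SIEM already produces, and the service-install branch could be extended to also match the Security-channel equivalent (event 4697) where that auditing is enabled; the point is that log clearing is itself logged, so a malware family that relies on it to hide produces exactly the signal that catches it.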
The rise of StilachiRAT comes amid a broader trend of increasing cyber threats targeting digital assets. In February alone, losses from cryptocurrency scams and hacks reached nearly $1.53 billion. Reports indicate that the professionalization of cybercrime is growing, with illicit transactions hitting $51 billion over the past year.
Although StilachiRAT has not shown widespread distribution yet, its potential for harm is significant. As it stands, users of cryptocurrency wallets should stay aware of these threats. The emergence of StilachiRAT highlights the vulnerabilities of browser-based wallets. With the sophistication of such malware on the rise, the safety of funds remains a pressing concern for many online users.