Microsoft Warns About Coinbase and MetaMask Hacks

  • Microsoft has issued a warning about a new malware, StilachiRAT, targeting cryptocurrency wallets
  • The malware can steal credentials and digital wallet information from Google Chrome extensions
  • StilachiRAT employs sophisticated techniques to evade detection and persist in infected systems

Microsoft has identified a new remote access trojan (RAT) named StilachiRAT, which poses a significant threat to cryptocurrency wallet users. The malware targets 20 popular crypto wallet extensions for the Google Chrome browser, including MetaMask and Coinbase Wallet, and is capable of stealing sensitive information such as credentials and digital wallet data while employing advanced evasion techniques to remain undetected.

Hackers Targeting Chrome Again

In November 2024, Microsoft’s Incident Response team uncovered StilachiRAT, a sophisticated trojan designed to infiltrate systems and extract valuable data. The trojan collects comprehensive system information, including operating system details, hardware identifiers, and active Remote Desktop Protocol (RDP) sessions. It specifically targets cryptocurrency wallet extensions by scanning the Chrome browser’s settings for their presence.

The malware can extract and decrypt credentials stored in Chrome, monitor clipboard activity for sensitive information like passwords and crypto keys, and establish communication with remote command-and-control servers, allowing attackers to execute various commands on the compromised system.

20 Wallet Extensions Affected

StilachiRAT has been found to target 20 different cryptocurrency wallet extensions for the Google Chrome browser. Among these are widely used wallets such as MetaMask, Coinbase Wallet, Trust Wallet, and OKX Wallet. The malware accesses the Chrome extensions’ settings to identify and exploit these wallets, posing a significant risk to users’ digital assets.

One of the notable characteristics of StilachiRAT is its ability to evade detection and maintain persistence within the infected system. The malware employs anti-forensic tactics, such as clearing event logs and detecting analysis tools, to avoid detection. It also uses watchdog threads to ensure it reinstates itself if removed, making it challenging for security measures to eliminate the threat completely.
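The two persistence and anti-forensic behaviours described above (clearing event logs and a watchdog that relaunches the malware) leave traces that a defender can look for in Windows telemetry. The script below is an added example, not Microsoft's or the malware's code: it runs two simple detections over constructed sample events. The event IDs it uses are real Windows identifiers (1102 "the audit log was cleared" in the Security log, 104 "log clear" in the System log, and Sysmon IDs 1 and 5 for process creation and termination); the channel names, paths and timestamps in the sample telemetry are constructed for illustration.

```python
"""Detection heuristics for two behaviours attributed to StilachiRAT:
event-log clearing and a watchdog that respawns a killed process.
Added example; the telemetry below is constructed, not a real capture."""
from datetime import datetime

# Real Windows event IDs that record an event log being cleared.
LOG_CLEARED = {
    ("Security", 1102): "Security log cleared",
    ("System", 104): "System log cleared",
}
SYSMON_PROCESS_CREATE = 1     # Sysmon event ID 1
SYSMON_PROCESS_TERMINATE = 5  # Sysmon event ID 5

# Constructed sample telemetry: channel, event id, ISO timestamp, image path.
SAMPLE_EVENTS = [
    {"channel": "Sysmon", "id": 1, "time": "2024-11-12T10:00:00",
     "image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"channel": "Security", "id": 4624, "time": "2024-11-12T10:00:05", "image": ""},
    {"channel": "Sysmon", "id": 5, "time": "2024-11-12T10:01:00",
     "image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    # Same binary is back three seconds after it was terminated: watchdog pattern.
    {"channel": "Sysmon", "id": 1, "time": "2024-11-12T10:01:03",
     "image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"channel": "Security", "id": 1102, "time": "2024-11-12T10:02:00", "image": ""},
    # A benign editor closed and reopened half an hour later: not flagged.
    {"channel": "Sysmon", "id": 5, "time": "2024-11-12T10:30:00",
     "image": "C:\\Program Files\\Editor\\editor.exe"},
    {"channel": "Sysmon", "id": 1, "time": "2024-11-12T11:00:00",
     "image": "C:\\Program Files\\Editor\\editor.exe"},
]


def find_log_clears(events):
    """Return (timestamp, description) for every log-clearing event."""
    return [
        (e["time"], LOG_CLEARED[(e["channel"], e["id"])])
        for e in events
        if (e["channel"], e["id"]) in LOG_CLEARED
    ]


def find_respawns(events, window_seconds=10):
    """Return (image, gap_seconds) for processes recreated within
    window_seconds of being terminated, the footprint of a watchdog
    that reinstates a removed component."""
    last_exit = {}
    hits = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["channel"] != "Sysmon":
            continue
        t = datetime.fromisoformat(e["time"])
        if e["id"] == SYSMON_PROCESS_TERMINATE:
            last_exit[e["image"]] = t
        elif e["id"] == SYSMON_PROCESS_CREATE and e["image"] in last_exit:
            gap = (t - last_exit[e["image"]]).total_seconds()
            if gap <= window_seconds:
                hits.append((e["image"], gap))
    return hits


if __name__ == "__main__":
    for when, what in find_log_clears(SAMPLE_EVENTS):
        print(f"[log clear] {when}: {what}")
    for image, gap in find_respawns(SAMPLE_EVENTS):
        print(f"[respawn] {image} recreated {gap:.0f}s after termination")
```

Both checks are deliberately coarse: a cleared Security log is rare enough on a workstation to deserve a ticket on its own, while the respawn heuristic needs a short window and an allow-list of services that legitimately restart quickly before it is useful at scale.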

How to Protect Yourself

To mitigate the risk posed by StilachiRAT, Microsoft recommends several security measures. Users should install reliable antivirus software and keep it updated to detect and eliminate such threats and should enable two-factor authentication (2FA) for all trading platforms. Storing high-value cryptocurrencies in hardware wallets that are disconnected from the internet can also reduce exposure to malware attacks. Additionally, users should remain vigilant against phishing attempts that could lead to malware installation.
