Microsoft has identified a new cybersecurity threat targeting cryptocurrency users, uncovering a remote access trojan (RAT) that infiltrates digital wallet extensions in Google Chrome.
The tech giant’s Incident Response Team revealed in a March 17 report that the malware, dubbed StilachiRAT, is designed to steal sensitive information from cryptocurrency holders.
First detected in November 2023, StilachiRAT operates by extracting credentials stored in browsers, accessing crypto wallet data, and monitoring clipboard activity.
New Malware Targets 20 Crypto Wallet Extensions to Steal User Funds
Once installed on a device, the malware scans for the presence of 20 targeted wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet, to siphon user funds.
Microsoft’s analysis found that the trojan exploits WWStartupCtrl64.dll, a module that facilitates various stealthy data theft techniques.
StilachiRAT can retrieve login credentials saved in the Google Chrome local state file and intercept sensitive details, such as passwords and crypto keys, from clipboard activity.
It also employs anti-forensics mechanisms to evade detection by clearing event logs and detecting sandbox environments, which helps cybercriminals bypass security monitoring.
Despite its advanced capabilities, Microsoft has yet to identify the actors behind the malware.
However, the company stressed that publicly sharing its findings could help mitigate its impact.
New Malware Alert — Microsoft warns of StilachiRAT, a stealthy remote access trojan that:
Steals browser passwords & clipboard data
Targets crypto wallets
Executes remote commands & monitors RDP sessionsEvades detection by clearing event logs
Read:… pic.twitter.com/IPYbUdlxcT
— The Hacker News (@TheHackersNews) March 18, 2025
Microsoft noted that while StilachiRAT has not yet spread on a large scale, its ability to evade detection and rapidly evolve makes it a significant concern.
“Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” the company said.
“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.”
Crypto Cyberattacks Surge as Hackers Deploy Sophisticated Tactics
The discovery comes amid a surge in crypto-related cyberattacks, with hackers increasingly targeting digital assets through sophisticated methods.
Microsoft advised crypto users to strengthen their security measures by implementing antivirus software, cloud-based anti-phishing tools, and strong anti-malware protections to minimize risk.
The rise in malware attacks on cryptocurrency holders coincides with an alarming spike in crypto-related fraud.
Blockchain security firm CertiK reported that crypto scams, hacks, and exploits led to $1.53 billion in losses in February, with the $1.4 billion Bybit hack accounting for the bulk of the damage.
Meanwhile, Chainalysis’ 2025 Crypto Crime Report highlighted how crypto crime is evolving into a highly professionalized industry, driven by AI-powered scams, stablecoin laundering, and sophisticated cyber syndicates, with illicit transaction volumes surpassing $51 billion last year.
In February 2025, losses in the crypto ecosystem increased by 20x month-over-month compared with January 2025, according to the latest report by major blockchain security platform Immunefi.
In January, registered losses stood at $73,915,700. Just a month later, this figure jumped to $1,528,342,400. The latter was the result of nine hacks.
Additionally, the February number is an 18x increase from the same time a year prior. In February 2024, registered losses were $81,603,400.
The post Microsoft Warns of New Trojan Targeting Crypto in 20 Chrome Wallet Extensions appeared first on Cryptonews.
