Wed. May 14th, 2025

Tech giant Microsoft has raised alarm over a newly identified malware, StilachiRAT, which poses a significant threat to cryptocurrency users. The malware, classified as a Remote Access Trojan (RAT), is designed to evade detection while harvesting sensitive data from Google Chrome, including login credentials and wallet information.

Microsoft, in a security advisory, warned that StilachiRAT actively scans for crypto wallet extensions, targeting at least 20 digital asset wallets such as MetaMask, Trust Wallet, Phantom, Coinbase, BNB Chain, and Bitget Wallet.

StilachiRAT employs advanced cyber-espionage techniques to compromise users’ financial security. The malware extracts wallet credentials and configuration details, granting attackers unauthorized access to digital assets.

Once it has infiltrated a system, it enables cybercriminals to drain funds seamlessly. Additionally, it monitors clipboard activity to intercept cryptocurrency keys and passwords copied by users, further heightening the risk of financial theft. Its ability to execute remote commands, clear logs, and manipulate system settings makes it a potent tool for persistent attacks.

The malware is particularly concerning due to its sophisticated anti-forensic capabilities. Microsoft’s findings reveal that StilachiRAT can conduct system reconnaissance, collecting vital device information, including operating system details, hardware identifiers, and active applications.

It also monitors Remote Desktop Protocol (RDP) sessions, allowing attackers to impersonate users and spread malware across networks. By leveraging advanced evasion techniques, the malware can identify security tools and delay execution to avoid detection.

In response, Microsoft has advised users to take proactive security measures to mitigate the risks. The company recommends downloading software only from official sources, enabling Microsoft Defender’s real-time protection, activating cloud-delivered security, and using SmartScreen to block malicious websites. While the malware has not yet become widespread, Microsoft emphasized that robust security hardening is essential to prevent potential threats.
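The four Defender-side recommendations above can be audited and applied from an elevated PowerShell session. The script below is an added example written for this article; it is not code from Microsoft's advisory. It uses the standard Defender cmdlets (Get-MpPreference, Get-MpComputerStatus, Set-MpPreference) and assumes SmartScreen is governed through the policy registry key HKLM:\SOFTWARE\Policies\Microsoft\Windows\System; run it without switches to report only, or with -Enforce to turn the settings on.

```powershell
# Added example (not Microsoft's code): audit and, optionally, enforce the Defender
# hardening steps named in the article. Requires an elevated PowerShell session on
# Windows 10/11 with the Defender module present.
# Assumption: SmartScreen policy lives under the well-known key below.
param(
    [switch]$Enforce   # without -Enforce the script only reports the current posture
)

$SmartScreenKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-DefenderPosture {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    $ss     = Get-ItemProperty -Path $SmartScreenKey -Name EnableSmartScreen -ErrorAction SilentlyContinue

    [pscustomobject]@{
        # Real-time protection: both the engine state and the preference must agree
        RealTimeProtection = $status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring
        # Cloud-delivered protection (MAPS): 0 = Disabled, 1 = Basic, 2 = Advanced
        CloudDelivered     = $pref.MAPSReporting -ne 0
        # Sample submission: 1 = SendSafeSamples, 3 = SendAllSamples
        SampleSubmission   = $pref.SubmitSamplesConsent -in 1, 3
        # SmartScreen enabled by policy (EnableSmartScreen DWORD = 1)
        SmartScreenPolicy  = ($null -ne $ss) -and ($ss.EnableSmartScreen -eq 1)
        # Stale signatures weaken all of the above; flag anything older than a day
        SignaturesFresh    = $status.AntivirusSignatureAge -le 1
    }
}

function Set-DefenderHardening {
    # Each call maps to one recommendation in the advisory summary above.
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -MAPSReporting Advanced
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples

    # SmartScreen: create the policy key if absent, enable it, and block rather than warn
    if (-not (Test-Path $SmartScreenKey)) { New-Item -Path $SmartScreenKey -Force | Out-Null }
    Set-ItemProperty -Path $SmartScreenKey -Name EnableSmartScreen     -Value 1       -Type DWord
    Set-ItemProperty -Path $SmartScreenKey -Name ShellSmartScreenLevel -Value 'Block' -Type String
}

'Current posture:'
Get-DefenderPosture | Format-List

if ($Enforce) {
    Set-DefenderHardening
    'Posture after enforcement:'
    Get-DefenderPosture | Format-List
}
```

Any property that reports False is a gap relative to the advice in the article. On domain-joined machines these values may be pinned by Group Policy, in which case Set-MpPreference and the registry writes are overridden at the next policy refresh and the change should instead be made in the GPO or Intune profile.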

The cryptocurrency industry has remained a prime target for cybercriminals, with sophisticated malware continuously evolving. Microsoft’s warning follows a series of high-profile hacks in the sector, including the $1.4 billion Bybit breach, where attackers used malware disguised as a fake stock investment platform.

Security experts warn that StilachiRAT’s command-and-control capabilities allow it to manipulate system settings, execute applications, and even suspend operations, making it a formidable tool for digital espionage and financial fraud.
