Microsoft has identified a new Trojan, StilachiRAT, targeting major cryptocurrency wallets such as MetaMask, Phantom, and Coinbase. The malware, first discovered in November 2024, poses a significant risk by extracting stored credentials from Google Chrome, compromising crypto keys and passwords.
StilachiRAT employs advanced evasion techniques, including clipboard monitoring, anti-forensic measures, and event log scanning, that make it harder to detect. It doesn’t stop at the big names: wallets linked to Bitget, Trust, TronLink, OKX, BNB Chain, and Sui are also targeted.
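One defender-side check that follows from the credential-theft behaviour described above: Chrome keeps saved logins in a SQLite file named "Login Data" and the DPAPI-wrapped key that decrypts them in "Local State", so any process other than the browser opening both files is worth alerting on. The script below is an added illustration, not code from Microsoft or from this article; the Sysmon-style file-access events it scans are constructed sample data, and the baseline of expected readers is an assumption to tune per environment.

```python
"""Flag non-browser processes that touch Chrome's credential store.

Added illustration, not code from Microsoft or this article. It assumes
file-access events (e.g. from Sysmon) already parsed into dicts; the
events below are constructed sample data, not real telemetry.
"""
import re

# Chrome stores saved logins in the SQLite file "Login Data" and the
# DPAPI-wrapped key that decrypts them in "Local State". A credential
# stealer needs both, so we match both paths (case-insensitively).
CHROME_SECRET_FILES = re.compile(
    r"\\Google\\Chrome\\User Data\\(Default|Profile \d+)\\Login Data$|"
    r"\\Google\\Chrome\\User Data\\Local State$",
    re.IGNORECASE,
)

# Processes expected to open these files. Assumed baseline; anything
# else is treated as suspicious.
EXPECTED_READERS = {"chrome.exe"}

SAMPLE_EVENTS = [  # constructed sample telemetry
    {"pid": 4120,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7788,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 2200,
     "image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]


def find_credential_store_access(events):
    """Return (pid, image, target) for every access to Chrome's secret
    files by a process whose executable name is not in EXPECTED_READERS."""
    hits = []
    for ev in events:
        if not CHROME_SECRET_FILES.search(ev["target"]):
            continue
        proc = ev["image"].rsplit("\\", 1)[-1].lower()
        if proc not in EXPECTED_READERS:
            hits.append((ev["pid"], ev["image"], ev["target"]))
    return hits


def suspicious_pids(events):
    """PIDs that read both the login database and the key file. The
    combination is what a stealer needs, so it is a stronger signal than
    either file alone (a backup tool might copy just one of them)."""
    by_pid = {}
    for pid, _image, target in find_credential_store_access(events):
        name = target.rsplit("\\", 1)[-1].lower()
        by_pid.setdefault(pid, set()).add(name)
    needed = {"login data", "local state"}
    return sorted(pid for pid, names in by_pid.items() if needed <= names)


if __name__ == "__main__":
    for hit in find_credential_store_access(SAMPLE_EVENTS):
        print("suspicious access:", hit)
    print("pids reading both database and key:", suspicious_pids(SAMPLE_EVENTS))
```

Run against the constructed events, the browser's own access is ignored, the two reads by update.exe are reported, and PID 7788 is the only process that touched both files. In a real deployment the same logic maps onto a SIEM query over file-create or file-open events, with the expected-reader set widened to whatever legitimate backup or profile-sync software the environment runs.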
How StilachiRAT Spreads
According to Aaron Walton, a threat intelligence analyst at Expel, cybercriminals rely heavily on social engineering to distribute the malware. Victims are tricked into downloading it through fake job offers, fraudulent downloads, or deceptive verification tests that interrupt their browsing.
“The financial incentive is massive,” Walton explains. “Attackers use methods that easily bypass basic security measures—even corporate defense systems struggle to detect them.”
A Growing Cybersecurity Concern
Although Microsoft states that StilachiRAT’s spread is still limited, the company warns of its stealth capabilities and the increasing sophistication of cyberattacks. With the rise of digital assets and decentralized finance (DeFi), hackers are constantly evolving their tactics to exploit new vulnerabilities.
Crypto users are urged to stay vigilant by avoiding suspicious links, enabling two-factor authentication (2FA), and keeping security software up to date. As cyber threats continue to evolve, staying informed is the best defense.