In a recent cybersecurity development, Microsoft has identified a sophisticated remote access trojan (RAT) named StilachiRAT, which specifically targets cryptocurrency wallet extensions within the Google Chrome browser. This discovery underscores the evolving tactics cybercriminals employ to exploit digital assets and highlights the pressing need for enhanced security measures among cryptocurrency users.

First detected by Microsoft’s Incident Response Team in November 2024, StilachiRAT exhibits advanced techniques designed to evade detection and maintain persistence within compromised systems. The malware is engineered to exfiltrate a broad spectrum of sensitive data, including credentials stored in the browser, digital wallet information, clipboard data, and comprehensive system details.

ALERT: Microsoft has discovered a new trojan, StilachiRAT, targeting cryptocurrency wallets in the Google Chrome browser. The malware attacks 20 different extensions, including MetaMask, Coinbase Wallet, Trust Wallet, OKX Wallet, Bitget Wallet, Phantom, and more. — Cointelegraph (@Cointelegraph) March 18, 2025

A notable aspect of StilachiRAT’s functionality is its ability to extract and decrypt credentials saved in Google Chrome. This capability allows attackers to access usernames and passwords stored within the browser, thereby facilitating unauthorized entry into various accounts.

Targeted Cryptocurrency Wallet Extensions

StilachiRAT’s primary focus is on cryptocurrency wallet extensions used within the Google Chrome browser. The malware scans for configuration data from over 20 different wallet extensions, including MetaMask, Coinbase Wallet, Trust Wallet, OKX Wallet, Bitget Wallet, and Phantom. By targeting these extensions, StilachiRAT aims to harvest sensitive information that could lead to unauthorized access and potential theft of digital assets.
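
An added example, not from the article or from Microsoft's report: a defender-side inventory of which Chrome profiles have one of the wallet extensions named above installed, matched by the extension's display name. It assumes Chrome's standard `<User Data>/<profile>/Extensions/<id>/<version>/manifest.json` layout; the function names, the fixture and its extension IDs are constructed for illustration.

```python
import json, sys, tempfile
from pathlib import Path

# Wallet names as listed in the article, matched as substrings of the display name
# (so an unrelated extension with "phantom" in its name would also be reported).
WALLET_NAMES = ("metamask", "coinbase wallet", "trust wallet",
                "okx wallet", "bitget wallet", "phantom")

def extension_name(version_dir):
    """Display name from manifest.json, resolving a __MSG_key__ placeholder."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = version_dir / "_locales" / locale / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        for key, entry in messages.items():      # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def find_wallet_extensions(user_data_dir):
    """Return {profile: [(extension_id, display_name), ...]} for wallet extensions."""
    found = {}
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        try:
            name = extension_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue                              # unreadable or malformed extension
        if any(w in name.lower() for w in WALLET_NAMES):
            profile, ext_id = manifest.parents[3].name, manifest.parents[1].name
            found.setdefault(profile, set()).add((ext_id, name))
    return {p: sorted(v) for p, v in found.items()}

def build_constructed_fixture(root):
    """Constructed sample data: one profile, one wallet and one non-wallet extension."""
    for ext_id, name, msg in (("a" * 32, "__MSG_appName__", "MetaMask"),
                              ("b" * 32, "Tab Sorter", None)):
        vdir = Path(root) / "Default" / "Extensions" / ext_id / "1.0_0"
        (vdir / "_locales" / "en").mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(
            {"name": name, "version": "1.0", "default_locale": "en"}))
        (vdir / "_locales" / "en" / "messages.json").write_text(
            json.dumps({"appname": {"message": msg or name}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_fixture(tmp)  # pass a real "User Data" path to audit a host
        print(find_wallet_extensions(sys.argv[1] if len(sys.argv) > 1 else tmp))
```

Profiles that show up in the result are the ones where the article's advice about not keeping passwords or keys in browser storage matters most.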

Stealth and Persistence Mechanisms

To ensure its stealth and persistence, StilachiRAT employs several sophisticated strategies:

Anti-Forensic Measures: The malware deletes system logs and checks computer settings before executing commands, thereby minimizing traces of its presence.

Command Execution: It can execute a variety of commands received from its command-and-control (C2) server, including rebooting the system, clearing logs, stealing credentials, launching applications, and manipulating system windows.

Current Distribution and Attribution

As of now, StilachiRAT has not been widely distributed, and Microsoft has not attributed it to any known threat actor or geographic region. However, due to its stealth capabilities and the rapid changes within the malware ecosystem, Microsoft has shared these findings as part of its ongoing efforts to monitor, analyze, and report on the evolving threat landscape.

Recommendations for Users

In light of this discovery, users are advised to exercise heightened caution, particularly when handling cryptocurrency wallet extensions. Recommendations include:

Avoid Storing Sensitive Information in Browsers: Refrain from saving passwords or private keys within browser storage.

Maintain Updated Security Software: Ensure that antivirus and anti-malware programs are up-to-date to detect and prevent potential threats.

Be Cautious with Downloads and Links: Avoid downloading software or clicking on links from untrusted sources, as these could be vectors for malware distribution.

By implementing these precautions, users can significantly reduce the risk of falling victim to threats like StilachiRAT and safeguard their digital assets against unauthorized access.

The post Microsoft Discovers New Trojan Targeting Crypto Wallets In Google Chrome appeared first on Times Tabloid.