Microsoft Warns of StilachiRAT Malware Targeting Crypto Wallets Through Chrome

Microsoft Discovers StilachiRAT Malware Targeting Cryptocurrency Wallets Through Chrome

  • Microsoft has identified a new malware threat called StilachiRAT that targets cryptocurrency wallets through Google Chrome.
  • Popular wallets at risk include MetaMask, Coinbase Wallet, Phantom, OKX Wallet, and BNB Chain Wallet.
  • The malware has sophisticated credential-stealing capabilities but isn’t yet widespread, according to Microsoft researchers.

Security researchers at Microsoft have issued an alert about a newly discovered malware strain called StilachiRAT, capable of compromising cryptocurrency wallets by stealing sensitive information from Google Chrome browsers. The malware specifically targets credential data that could give attackers access to users’ digital assets across multiple popular wallet platforms.

The sophisticated threat can extract usernames, passwords, and other authentication details stored in Chrome, potentially compromising funds held in several major cryptocurrency wallets. Security experts have identified MetaMask, Coinbase Wallet, Phantom, OKX Wallet, and BNB Chain Wallet among the platforms at risk from this attack vector.

Microsoft’s incident response team published details in a blog post explaining how the malware operates: “Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information.”

Researchers emphasized the importance of preventative measures, noting it’s “critical to implement security hardening measures to prevent the initial compromise.” While the investigation continues, Microsoft has not yet been able to attribute the malware to any specific threat actor or geographic origin.

The company also indicated that StilachiRAT does not currently show widespread distribution patterns. “Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” its researchers noted.

Despite the malware’s currently limited spread, Microsoft chose to publish its findings as part of ongoing security transparency efforts. “However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” the security team added.

The emergence of StilachiRAT follows a broader trend of increasingly sophisticated attacks targeting cryptocurrency holders. The rising valuation of digital assets has attracted more criminal attention to the sector, with February seeing a massive $1.5 billion breach of the Bybit exchange reportedly carried out by the North Korea-affiliated Lazarus Group.

For cryptocurrency users, this discovery underscores the importance of maintaining robust security practices, particularly when using browser-based wallet extensions that may be vulnerable to credential theft.
