In a 17 March 2025 “ incident response, ” Microsoft revealed that it uncovered a novel remote access trojan (RAT) or StilachiRAT that can steal information from the target system, such as digital wallet information.
According to Microsoft, key capabilities of StilachiRAT includes digital wallet targeting. The malware can scan for configuration data of 20 different cryptocurrency wallet extensions for the Google Chrome browser.
“StilachiRAT targets a list of specific cryptocurrency wallet extensions for the Google Chrome browser,” said Microsoft.
Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. https://t.co/MJARVBz2zd
— Microsoft Threat Intelligence (@MsftSecIntel) March 17, 2025
Explore: Next 1000X Crypto: 10+ Crypto Tokens That Can Hit 1000x in 2025
StilachiRAT’s Popular Targets: Bitget, OKX, Coinbase, BNB Chain
First identified by Microsoft’s Incident Response Team in November 2024, StilachiRAT is a sophisticated malware capable of infiltrating devices, stealing sensitive data, and evading detection. It targets over 20 cryptocurrency wallet extensions on Google Chrome, including popular wallets such Bitget, MetaMask, BNB Chain, OKX, Coinbase and more.
Microsoft said that StilachiRAT collects comprehensive system information, including operating system (OS) details, hardware identifiers, camera presence, active Remote Desktop Protocol (RDP) sessions, and running graphical user interface (GUI) applications, allowing detailed profiling of the target system.
🚨 New Malware Alert: Your Crypto Wallets Might Be at Risk! 🚨
Microsoft just uncovered a sneaky new malware called StilachiRAT—and it’s coming straight for your crypto. 👀
Here’s what it does:
🔹 Scans your device for 20+ crypto wallet extensions (including MetaMask, Coinbase… pic.twitter.com/BkUwgJPCL1— Ricards (@Ricardswo) March 18, 2025
StilachiRAT is just one example of how cybercriminals are adapting their methods to exploit vulnerabilities in the crypto ecosystem. In 2024 alone, scammers stole approximately $9.9 billion in on-chain cryptocurrencies—a 40% increase compared to the previous year.
However, Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. But the company continues to monitor information on the delivery vector used in these attacks.
“Malware like StilachiRAT can be installed through multiple vectors; therefore, it is critical to implement security hardening measures to prevent the initial compromise,” warned Microsoft.
Explore: Best Meme Coin ICOs to Invest in March 2025
Key Takeaways
- Microsoft has issued a stark warning to cryptocurrency users following the discovery of a new malware, StilachiRAT, which poses a significant threat to digital asset security.
- First identified by Microsoft’s Incident Response Team in November 2024, StilachiRAT is a sophisticated malware capable of infiltrating devices, stealing sensitive data, and evading detection.
