While cryptocurrency owners focus on market volatility, a far more immediate threat lurks in their browsers. Microsoft researchers recently discovered StilachiRAT, a sophisticated remote access trojan that specifically targets Google Chrome’s cryptocurrency wallet extensions. First identified in November 2024, this malware has already developed capabilities to compromise 20 popular crypto wallets including Coinbase Wallet, MetaMask, Trust Wallet, and OKX Wallet.
This isn’t your average virus. StilachiRAT employs advanced anti-forensic techniques to hide from detection, clearing event logs and evading sandbox environments that security researchers use to analyze threats. It’s like having a burglar who not only breaks in but erases the security camera footage on the way out.
Once installed, the trojan gets busy. It monitors clipboard activity (yes, those copy-pasted passwords), collects system information, and scans for wallet extensions to extract credentials. The malware even watches for active Remote Desktop sessions to impersonate users. Your digital signature becomes its disguise. The full extent of this threat became public when Microsoft published detailed findings on March 17, 2025.
The trojan maintains persistence by modifying Windows service settings and communicates with command servers through randomly selected TCP ports. Translation: it’s hard to remove and constantly phones home to its creators.
While not yet widely distributed, StilachiRAT represents the evolving sophistication of cryptocurrency crime. With nearly $1.53 billion lost to crypto crimes in February alone and approximately $51 billion in illicit transactions last year, the stakes couldn’t be higher.
Protect yourself immediately. Download software exclusively from official sources. Update Microsoft Defender, which can now detect StilachiRAT activity. Enable Safe Links and Safe Attachments if you use Microsoft 365. Activate network protection in Microsoft Defender for Endpoint. Consider transferring your assets to hardware wallets for maximum protection against browser-based threats like StilachiRAT.
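To verify the local Microsoft Defender items from the checklist above, here is an added example that is not part of the original article or Microsoft's report. It only reads settings, and the three-day signature-age threshold is an assumption. Safe Links and Safe Attachments are Microsoft 365 tenant policies and are not checked here.

```powershell
# Added example: read-only audit of the local Microsoft Defender settings named above.
# Uses the built-in Defender module cmdlets Get-MpComputerStatus and Get-MpPreference.
function Test-DefenderPosture {
    param(
        # Assumed threshold for "up to date"; not a value from the article.
        [int]$MaxSignatureAgeDays = 3
    )

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $prefs  = Get-MpPreference -ErrorAction Stop
    } catch {
        # The Defender cmdlets fail when the service is disabled or removed.
        return [pscustomobject]@{
            Check = 'Defender reachable'; Value = $_.Exception.Message
            Pass  = $false; Fix = 'Re-enable Microsoft Defender Antivirus'
        }
    }

    # EnableNetworkProtection: 0 = disabled, 1 = enabled (block), 2 = audit only.
    $np = switch ([int]$prefs.EnableNetworkProtection) {
        1       { 'Enabled' }
        2       { 'AuditOnly' }
        default { 'Disabled' }
    }

    @(
        [pscustomobject]@{
            # Updated signatures only help if real-time scanning is on.
            Check = 'Real-time protection'
            Value = $status.RealTimeProtectionEnabled
            Pass  = [bool]$status.RealTimeProtectionEnabled
            Fix   = 'Set-MpPreference -DisableRealtimeMonitoring $false'
        }
        [pscustomobject]@{
            Check = 'Signature age (days)'
            Value = $status.AntivirusSignatureAge
            Pass  = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays
            Fix   = 'Update-MpSignature'
        }
        [pscustomobject]@{
            Check = 'Network protection'
            Value = $np
            Pass  = $np -eq 'Enabled'
            Fix   = 'Set-MpPreference -EnableNetworkProtection Enabled'
        }
    )
}

Test-DefenderPosture | Format-Table -AutoSize
```

Rows with Pass set to False show the command that corrects them; those commands need an elevated PowerShell session.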