Lurking in the shadows of the internet, a dangerous new malware called StilachiRAT is targeting cryptocurrency enthusiasts where it hurts most—their digital wallets. Discovered in November 2024 by Microsoft’s Incident Response Team, this remote access trojan specifically hunts down popular crypto wallet extensions on Google Chrome, putting users’ digital assets in jeopardy.
StilachiRAT isn’t your garden-variety malware. It’s a sophisticated thief that steals browser credentials, wallet data, and even monitors your clipboard for sensitive information. Think your copy-paste habits are innocent? Think again. Every time you copy a wallet address or password, this sneaky trojan is watching.
This digital predator silently monitors your every keystroke, lurking in wait for that precious moment you copy your crypto credentials.
The malware targets a whopping 20 different cryptocurrency wallet extensions, including industry heavyweights like MetaMask, Coinbase Wallet, Trust Wallet, and OKX Wallet. Why Chrome? Simple—it’s widely used and compatible with these extensions. The perfect hunting ground.
What makes StilachiRAT particularly dangerous is its stealth game. It clears event logs, checks for sandbox environments, and employs anti-forensic measures to cover its tracks. Experts strongly recommend using hardware wallets instead of browser extensions for storing significant cryptocurrency assets. Your system could be compromised right now, and you’d never know it.
Communication with the attackers' command-and-control servers runs over TCP, using a port chosen at random from 53, 443, or 16000. These connections let the operators issue up to 10 different commands remotely—everything from displaying fake dialog boxes to shutting down your system entirely. The malware also lets attackers monitor Remote Desktop Protocol sessions for user impersonation, creating additional security risks.
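Two of the behaviours described above leave host-side traces a defender can hunt for: clearing Windows event logs, and outbound TCP to an uncommon port. The following triage pass is an added example, not code from the article or from Microsoft's report. Event IDs 1102 and 104 are the real Windows IDs written when the Security log and the System/Application logs are cleared; the telemetry record shapes, the process names in the sample data, and the resolver allow-list are assumptions of this example.

```python
"""Toy triage pass over constructed host telemetry (added example, not from the article).

Event IDs 1102 ("The audit log was cleared", Security channel) and 104 ("The ... log file
was cleared", System/Application channels) are real Windows IDs. The record shapes, the
sample process names and the DNS allow-list below are this example's own assumptions.
"""
from dataclasses import dataclass

# Real Windows event IDs emitted by Microsoft-Windows-Eventlog when a log is cleared.
SECURITY_LOG_CLEARED = 1102
LOG_FILE_CLEARED = 104
LOG_CLEAR_EVENT_IDS = {SECURITY_LOG_CLEARED, LOG_FILE_CLEARED}

# Ports named in the article. 443 is ubiquitous and is not flagged on its own.
UNCOMMON_C2_PORTS = {16000}
DNS_PORT = 53
# Assumption: on a Windows host, DNS traffic normally originates from svchost.exe (Dnscache),
# so TCP/53 from any other process is worth a look.
DNS_ALLOWED_PROCESSES = {"svchost.exe"}


@dataclass(frozen=True)
class WinEvent:
    event_id: int
    channel: str
    host: str


@dataclass(frozen=True)
class NetFlow:
    host: str
    process: str
    proto: str
    dst_port: int


def flag_log_clears(events):
    """One finding per event that records a log being cleared."""
    return [f"{e.host}: {e.channel} log cleared (EventID {e.event_id})"
            for e in events if e.event_id in LOG_CLEAR_EVENT_IDS]


def flag_c2_flows(flows):
    """Flag TCP flows to the uncommon port, or TCP/53 from a non-resolver process."""
    findings = []
    for f in flows:
        if f.proto != "tcp":
            continue
        if f.dst_port in UNCOMMON_C2_PORTS:
            findings.append(f"{f.host}: {f.process} -> tcp/{f.dst_port} (uncommon port)")
        elif f.dst_port == DNS_PORT and f.process.lower() not in DNS_ALLOWED_PROCESSES:
            findings.append(f"{f.host}: {f.process} -> tcp/53 from a non-resolver process")
    return findings


def triage(events, flows):
    return flag_log_clears(events) + flag_c2_flows(flows)


# Constructed sample telemetry: two normal events, two log-clear events, mixed flows.
SAMPLE_EVENTS = [
    WinEvent(4624, "Security", "WS01"),
    WinEvent(1102, "Security", "WS01"),
    WinEvent(104, "System", "WS01"),
    WinEvent(7045, "System", "WS02"),
]
SAMPLE_FLOWS = [
    NetFlow("WS01", "chrome.exe", "tcp", 443),    # routine HTTPS, not flagged
    NetFlow("WS01", "svchost.exe", "udp", 53),    # routine DNS, not TCP, skipped
    NetFlow("WS01", "updater.exe", "tcp", 53),    # TCP/53 from an unexpected process
    NetFlow("WS01", "updater.exe", "tcp", 16000), # uncommon port named in the article
    NetFlow("WS02", "svchost.exe", "tcp", 53),    # TCP/53 from the resolver, allowed
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS, SAMPLE_FLOWS):
        print(line)
```

Port 443 cannot be separated from normal browsing by port alone, which is why the flow check only reacts to 16000 and to TCP/53 from a process that is not the system resolver; correlating either finding with a log-clear event on the same host is what raises it above background noise.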
While global distribution isn’t yet widespread, StilachiRAT represents a growing trend in cryptocurrency theft. With crypto losses from scams and hacks reaching a staggering $1.53 billion in February alone, the threat is real and evolving.
Protect yourself by keeping browser extensions updated, using hardware wallets for significant holdings, and enabling two-factor authentication whenever possible. Check your Chrome extensions regularly for suspicious activity and consider dedicated devices for high-value transactions. Your crypto’s safety depends on your vigilance—don’t make yourself an easy target.
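Checking Chrome extensions "regularly for suspicious activity" is easier with an inventory than by clicking through the extensions page. The script below is an added example, not from the article: it reads the per-profile extension state Chrome stores as JSON under the `extensions` → `settings` key of the profile's `Preferences` (or `Secure Preferences`) file, and reports any extension that is not from the Chrome Web Store, is not on your own expected list, or requests clipboard or broad-host permissions. The sample profile is constructed and its extension IDs are placeholders, not real IDs; the list of permissions treated as sensitive is this example's own choice.

```python
"""Inventory and review of installed Chrome extensions (added example, not from the article).

Chrome keeps extension state per profile as JSON at extensions -> settings, keyed by the
32-letter extension ID, with the extension's manifest and a "from_webstore" flag. On
Windows the profile lives under %LOCALAPPDATA%\\Google\\Chrome\\User Data\\<profile>\\.
The sample profile and IDs below are constructed placeholders.
"""
import json
import re
from pathlib import Path

EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")   # Chrome extension IDs: 32 chars, a-p only

# Permissions worth a second look on a machine that holds wallet extensions.
# This set is the example's choice; legitimate wallets use some of them.
SENSITIVE_PERMISSIONS = {"clipboardRead", "clipboardWrite", "nativeMessaging",
                         "debugger", "<all_urls>", "webRequest", "tabs"}


def load_extension_settings(preferences_path):
    """Return the extensions.settings dict from a Preferences file ({} if absent)."""
    data = json.loads(Path(preferences_path).read_text(encoding="utf-8"))
    return data.get("extensions", {}).get("settings", {})


def _permissions(manifest):
    perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    return {p for p in perms if isinstance(p, str)}


def audit_extensions(settings, expected_ids=frozenset()):
    """One record per extension: identity plus a list of review flags (empty == looks fine)."""
    findings = []
    for ext_id, entry in sorted(settings.items()):
        manifest = entry.get("manifest")
        if manifest is None:          # Chrome-internal bookkeeping entries carry no manifest
            continue
        flags = []
        if not EXTENSION_ID_RE.match(ext_id):
            flags.append("malformed extension id")
        if not entry.get("from_webstore", False):
            flags.append("not installed from the Chrome Web Store")
        if expected_ids and ext_id not in expected_ids:
            flags.append("not on the expected-extension list")
        sensitive = sorted(_permissions(manifest) & SENSITIVE_PERMISSIONS)
        if sensitive:
            flags.append("sensitive permissions: " + ", ".join(sensitive))
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "<unnamed>"),
            "version": manifest.get("version", "?"),
            "from_webstore": bool(entry.get("from_webstore", False)),
            "path": entry.get("path", ""),
            "flags": flags,
        })
    return findings


def audit_profile(preferences_path, expected_ids=frozenset()):
    """Audit a real profile: audit_profile(r"...\\User Data\\Default\\Secure Preferences", ids)."""
    return audit_extensions(load_extension_settings(preferences_path), expected_ids)


# Constructed sample: a store-installed wallet, a side-loaded clipboard tool, a benign extra.
WALLET_ID = "a" * 32        # placeholder, not a real extension ID
SIDELOADED_ID = "b" * 32    # placeholder
READER_ID = "c" * 32        # placeholder
SAMPLE_SETTINGS = {
    WALLET_ID: {"from_webstore": True, "state": 1,
                "manifest": {"name": "Wallet Example", "version": "1.0.0",
                             "permissions": ["storage", "activeTab"],
                             "host_permissions": ["<all_urls>"]}},
    SIDELOADED_ID: {"from_webstore": False, "state": 1, "path": r"C:\Temp\ext",
                    "manifest": {"name": "Clipboard Helper", "version": "0.1",
                                 "permissions": ["clipboardRead", "tabs"]}},
    READER_ID: {"from_webstore": True, "state": 1,
                "manifest": {"name": "Reader Mode", "version": "2.3",
                             "permissions": ["storage"]}},
}
EXPECTED_IDS = frozenset({WALLET_ID})   # the extensions you deliberately installed


def sample_findings():
    return audit_extensions(SAMPLE_SETTINGS, EXPECTED_IDS)


if __name__ == "__main__":
    for f in sample_findings():
        print(f"[{'REVIEW' if f['flags'] else 'ok'}] {f['id']} {f['name']} {f['version']}")
        for flag in f["flags"]:
            print("    -", flag)
```

Run it against each Chrome profile on the machine and diff the output over time: a new ID, a Web Store extension that has become side-loaded, or a wallet whose permission set has grown between versions are the changes worth investigating before the next high-value transaction.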