Microsoft Uncovers Recent Crypto-Stealing Malware—Is Your Wallet at Risk?


Microsoft has identified a new remote access trojan (RAT) designed to steal cryptocurrency from users by targeting digital wallet extensions in Google Chrome.

The malware, dubbed StilachiRAT, has been under investigation since November 2024, and security experts warn it poses a major threat to crypto holders.

How StilachiRAT Operates

According to Microsoft’s Incident Response Team, StilachiRAT is capable of extracting credentials stored in the browser, scanning devices for crypto wallet extensions, and intercepting sensitive information such as private keys and passwords.

The malware has been found to specifically target at least 20 cryptocurrency wallets, including Bitget Wallet (formerly BitKeep), Trust Wallet, Coinbase Wallet, MetaMask, TronLink and OKX Wallet. Once deployed, it can steal stored digital assets by accessing clipboard data and extracting private credentials.

Microsoft’s research indicates that StilachiRAT operates stealthily, using various evasion techniques to avoid detection. The malware installs itself through a compromised library file, WWStartupCtrl64.dll, which executes remote commands to control infected systems.

Once active, it scans the device for crypto wallet extensions and extracts saved credentials from Google Chrome’s local state files. A key feature of the malware is its ability to monitor clipboard activity: if users copy and paste crypto wallet addresses or passwords, StilachiRAT can capture that information and send it to the attacker.

Microsoft also found that the trojan includes anti-forensic capabilities, such as clearing event logs and detecting sandbox environments to avoid being analyzed by cybersecurity researchers.
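As an added illustration (not code from the article or from Microsoft), the following Python sketches how a defender could hunt for the two host-level traces the article names, a load of the WWStartupCtrl64.dll library and cleared event logs, across constructed log lines in a simplified key=value layout. The Sysmon event ID 7 (image loaded) and the Windows log-cleared event IDs 1102 (Security) and 104 (System) are assumed from general knowledge, not taken from the article.

```python
import ntpath
from dataclasses import dataclass

# Indicator named in the article: the library StilachiRAT installs through.
SUSPECT_DLL = "wwstartupctrl64.dll"
# Assumed from general knowledge, not from the article:
# Sysmon event ID 7 = "Image loaded"; Windows event IDs 1102 (Security log)
# and 104 (System log) record a log being cleared, which matches the
# anti-forensic behaviour described above.
SYSMON_IMAGE_LOADED = "7"
LOG_CLEARED_EVENT_IDS = {"1102", "104"}

# Constructed sample lines in a simplified key=value layout (not real telemetry).
SAMPLE_LOG = [
    "EventID=7 Image=C:\\Windows\\explorer.exe ImageLoaded=C:\\Windows\\System32\\ntdll.dll",
    "EventID=7 Image=C:\\Windows\\explorer.exe ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\WWStartupCtrl64.dll",
    "EventID=1102 Channel=Security",
    "EventID=4624 LogonType=2",
]


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based index into the scanned lines
    reason: str


def parse(line: str) -> dict:
    """Split a constructed key=value line into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def scan(lines) -> list:
    """Return a Finding for every line that matches one of the two indicators."""
    findings = []
    for n, line in enumerate(lines, start=1):
        ev = parse(line)
        event_id = ev.get("EventID")
        if event_id == SYSMON_IMAGE_LOADED:
            # Compare on the file name only, case-insensitively, so the drop path does not matter.
            loaded = ntpath.basename(ev.get("ImageLoaded", "")).lower()
            if loaded == SUSPECT_DLL:
                findings.append(Finding(n, f"StilachiRAT DLL loaded by {ev.get('Image')}"))
        elif event_id in LOG_CLEARED_EVENT_IDS:
            findings.append(Finding(n, f"event log cleared (EventID {event_id})"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}")
```

In practice the same two conditions would be expressed as queries against the SIEM holding Sysmon and Windows Security events, with the DLL name kept as a low-noise indicator and the log-clear events correlated with other activity on the host.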

Microsoft’s Response and Security Recommendations

At present, Microsoft has not attributed the attack to any specific hacker group but has warned that, given the nature of the malware ecosystem, StilachiRAT could evolve rapidly. In a blog post, the company stated:

Based on Microsoft’s current visibility, the malware doesn’t exhibit widespread distribution presently. Nonetheless, as a consequence of its stealth capabilities and the rapid changes inside the malware ecosystem, we’re sharing these findings as a part of our ongoing efforts to watch, analyze, and report on the evolving threat landscape.

Microsoft advises users to take precautionary measures to avoid falling victim to StilachiRAT and similar threats. The company recommends installing antivirus software, enabling cloud-based anti-phishing and anti-malware protection, and ensuring all browser extensions come from trusted sources.

Users should also be cautious when copying and pasting wallet addresses and passwords, as malware like StilachiRAT specifically exploits clipboard data.

With increasing security risks in the crypto space, Microsoft’s warning highlights the importance of staying vigilant against cyber threats. As hackers develop more advanced techniques to compromise digital wallets, investors and everyday users must take proactive steps to secure their assets.

[Chart: the global crypto market cap on the 1-day chart. Source: TradingView.com]

Featured image created with DALL-E, Chart from TradingView
