Microsoft has identified a new remote access trojan (RAT) that specifically targets cryptocurrency stored within 20 wallet extensions for the Google Chrome browser.
Microsoft’s Incident Response Team stated in a blog post dated March 17 that it initially uncovered the malware StilachiRAT last November, discovering that it is capable of stealing various types of information such as browser-stored credentials, digital wallet data, and details held in the clipboard.
Following its installation, malicious actors can employ StilachiRAT to extract cryptocurrency wallet information by scanning the device’s settings to determine if any of the 20 wallet extensions are present, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
The malware StilachiRAT can target digital assets stored across 20 distinct wallet extensions. Source: Microsoft
“An examination of the StilachiRAT’s WWStartupCtrl64.dll module containing RAT functionalities displayed a variety of methods employed to extract data from the compromised system,” Microsoft indicated.
In addition to its other features, the malware is capable of retrieving credentials saved in the Google Chrome local state file and monitoring clipboard activities for sensitive information, including passwords and crypto keys.
It also has evasion and anti-forensics capabilities, such as clearing event logs and checking whether it is running in a sandbox environment in order to hinder analysis, according to Microsoft.
Microsoft says it cannot currently identify who is behind the malware but hopes that publicly sharing this information will reduce the number of potential victims.
“According to Microsoft’s current observations, the malware does not show extensive distribution as of now,” Microsoft confirmed.
“Nevertheless, due to its stealthy features and rapid developments within the malware landscape, we are sharing these insights as part of our continuous efforts to monitor, analyze, and report on the changing threat environment.”
Microsoft advises that, to avoid falling victim to malware, users should install antivirus software and use cloud-based anti-phishing and anti-malware tools on their devices.
Losses resulting from crypto scams, exploits, and hacks reached almost $1.53 billion in February, with the $1.4 billion Bybit hack representing the majority of these losses, as reported by blockchain security firm CertiK.
Blockchain analytics company Chainalysis noted in its 2025 Crypto Crime Report that cryptocurrency-related crime has entered a professional phase characterized by AI-driven scams, stablecoin laundering, and highly organized cyber syndicates, with the past year recording $51 billion in illicit transaction volume.
