Microsoft warns crypto users of StilachiRAT malware attacking wallets

Microsoft has issued a warning about a newly discovered malware, StilachiRAT, which specifically targets cryptocurrency wallets and extracts sensitive browser data, including information from Google Chrome.

Described as a remote access trojan (RAT), StilachiRAT possesses advanced capabilities to avoid detection while stealing critical data.

The malware poses a serious threat to cryptocurrency users by scanning for wallet extensions in Chrome, targeting at least 20 different wallets, including MetaMask, Trust Wallet, Phantom, Coinbase, BNB Chain, and Bitget Wallet.

Once these extensions are identified, StilachiRAT extracts credentials and configuration details, enabling attackers to access and drain victims’ funds.

StilachiRAT also monitors clipboard activity, searching for cryptocurrency keys or passwords that users may have copied. This significantly heightens security risks for digital asset holders.

The malware allows attackers to execute remote commands, clear logs, and manipulate registry settings to maintain persistent access. It employs anti-forensic techniques, such as identifying analysis tools and delaying execution, to bypass security defenses.

A particularly concerning feature of StilachiRAT is its ability to conduct system reconnaissance, collecting detailed information about infected devices, including operating system data, hardware identifiers, and active applications. It also monitors Remote Desktop Protocol sessions, allowing attackers to impersonate users and spread across networks.

While the malware is not yet widespread, Microsoft has urged users to take preventive measures, warning that malware like StilachiRAT can be installed through multiple attack vectors.

To mitigate risks, the company recommends downloading software only from official sources, enabling Microsoft Defender real-time protection, turning on cloud-delivered security, and using SmartScreen to block malicious websites.
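A quick way to verify the three settings Microsoft recommends above on a Windows endpoint. This is an added example, not code from the article or from Microsoft; it assumes Windows 10/11 with the built-in Defender PowerShell module, and the SmartScreen registry location is an assumption drawn from documented Windows settings rather than from the article.

```powershell
# Added example: audit the Defender settings recommended in the article.
# Run in an elevated PowerShell session on Windows 10/11.
function Test-RecommendedDefenderSettings {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Real-time protection: the service reports it enabled and policy does not disable it.
    $realtime = $status.RealTimeProtectionEnabled -and (-not $pref.DisableRealtimeMonitoring)

    # Cloud-delivered protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced.
    $cloud = $pref.MAPSReporting -ge 1

    # SmartScreen for apps and files. Registry path/value are an assumption based on
    # documented Windows settings; "Off" means disabled, anything else means active.
    $ss = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                           -Name SmartScreenEnabled -ErrorAction SilentlyContinue
    $smartscreen = ($null -ne $ss) -and ($ss.SmartScreenEnabled -ne 'Off')

    [pscustomobject]@{
        RealTimeProtection = $realtime
        CloudProtection    = $cloud
        SmartScreen        = $smartscreen
        AllRecommendedOn   = $realtime -and $cloud -and $smartscreen
    }
}

Test-RecommendedDefenderSettings | Format-List
```

Any property reporting False is a setting to turn back on before assuming Defender will catch a sample like this one.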

The cryptocurrency industry has long been a prime target for sophisticated malware and cyberattacks, with hackers constantly refining their techniques to exploit vulnerabilities. From wallet-draining trojans to phishing scams, cybercriminals continue to develop new methods to infiltrate and steal digital assets.


StilachiRAT, with its extensive capabilities, can execute commands from a remote control server, including system reboots, log clearing, credential theft, application execution, and system manipulation. It can also suspend the system, modify Windows registry values, and monitor open windows, making it a highly versatile tool for espionage and cyberattacks.

Last year, on-chain investigator Taylor Monahan exposed a sophisticated social engineering scam in which malware was distributed through fake job interviews, further highlighting the evolving tactics of cybercriminals targeting the crypto space.

Copyright © 2025 BodexNG.COM