Microsoft alerted users to a new Trojan malware named StilachiRAT. This malware targets cryptocurrency wallet extensions on Google Chrome browsers.
Microsoft’s Incident Response team found StilachiRAT in November 2024.
StilachiRAT steals data such as browser credentials, digital wallet details, clipboard content, and system information.
StilachiRAT impacts 20 crypto wallet extensions, including Bitget Wallet, Trust Wallet, TronLink, MetaMask, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, Braavos – Starknet Wallet, Coinbase Wallet, Leap Cosmos Wallet, Manta Wallet, Keplr, Phantom, Compass Wallet for Sei, Math Wallet, Fractal Wallet, Station Wallet, ConfluxPortal, and Plug.
Distribution is not currently widespread, but the malware's stealth techniques make it a serious threat.
Recommended User Actions
Users of crypto wallet extensions on Google Chrome should take precautions.
Microsoft advises users to check browser plugins, delete browser history, and run antivirus scans.
Users should avoid downloading unknown files. Users must secure their crypto wallets.
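One way to carry out the "check browser plugins" step, as an added example that is not from Microsoft or the original article: this Python script inventories the extensions in a Chrome profile and flags any whose name matches the wallet list above. It assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json inside the profile directory; the function names are hypothetical and name matching is a heuristic, so review the full inventory as well.

```python
import json
import re
import sys
from pathlib import Path

# Names taken from the article's list of 20 targeted wallet extensions.
# "Braavos" is shortened here because the dash in the full name varies (assumption).
TARGETED_WALLETS = [
    "Bitget Wallet", "Trust Wallet", "TronLink", "MetaMask", "TokenPocket",
    "BNB Chain Wallet", "OKX Wallet", "Sui Wallet", "Braavos", "Coinbase Wallet",
    "Leap Cosmos Wallet", "Manta Wallet", "Keplr", "Phantom", "Compass Wallet for Sei",
    "Math Wallet", "Fractal Wallet", "Station Wallet", "ConfluxPortal", "Plug",
]
# Whole-word match so that "Plug" does not flag every "Plugin ..." extension.
PATTERN = re.compile(r"\b(" + "|".join(map(re.escape, TARGETED_WALLETS)) + r")\b", re.I)

def load_json(path):
    return json.loads(Path(path).read_text(encoding="utf-8-sig"))

def display_name(version_dir):
    """Extension name from manifest.json, resolving __MSG_key__ placeholders."""
    manifest = load_json(version_dir / "manifest.json")
    name = str(manifest.get("name", ""))
    placeholder = re.fullmatch(r"__MSG_(.+)__", name)
    if placeholder:
        locale = manifest.get("default_locale", "en")
        try:
            messages = load_json(version_dir / "_locales" / locale / "messages.json")
        except (OSError, ValueError):
            return name
        for key, entry in messages.items():  # message keys are case-insensitive
            if key.lower() == placeholder.group(1).lower():
                return entry.get("message", name)
    return name

def audit_profile(profile_dir):
    """Return (installed, flagged) lists of (extension_id, name) tuples."""
    installed = []
    for manifest in sorted(Path(profile_dir, "Extensions").glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        try:
            name = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            name = "<unreadable manifest>"
        if (ext_id, name) not in installed:
            installed.append((ext_id, name))
    return installed, [item for item in installed if PATTERN.search(item[1])]

if __name__ == "__main__":
    # Argument: the Chrome profile directory (the folder that contains "Extensions").
    installed, flagged = audit_profile(sys.argv[1])
    print(f"{len(installed)} extensions installed")
    for ext_id, name in flagged:
        print(f"targeted wallet present: {name} ({ext_id})")
```

A flagged entry only means a wallet on the targeted list is installed in that profile, which is where the advice to secure wallets applies first.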
How StilachiRAT Operates
StilachiRAT uses techniques to evade detection and persist on infected systems. Its WWStartupCtrl64.dll component gathers sensitive data,
including browser and crypto wallet credentials. This capability makes it a significant threat to wallet extension users.
Microsoft has not identified StilachiRAT’s creators or source. Microsoft shared these findings to inform users and address cyber threats.
Security Advice
Microsoft offers guidance to reduce StilachiRAT's impact. Because StilachiRAT spreads through different methods, implementing security measures is what prevents system compromise.