StilachiRAT: A Growing Threat to Cryptocurrency Users
Microsoft has identified StilachiRAT, a dangerous remote access trojan (RAT) designed to steal data from cryptocurrency wallets and web browsers. The malware actively scans Google Chrome for wallet extensions, targeting at least 20 digital wallets, including:
- MetaMask
- Trust Wallet
- Phantom
- Coinbase
- BNB Chain
- Bitget Wallet
Once it detects these wallets, StilachiRAT extracts credentials and configuration details, allowing attackers to drain funds from victims’ accounts.
DON’T MISS THIS: Australian Man Becomes First to Survive Over 100 Days with Total Artificial Heart Before Successful Transplant
How StilachiRAT Steals Crypto Assets
This malware goes beyond simply scanning browser data. StilachiRAT also:
- Monitors clipboard activity to steal copied cryptocurrency keys and passwords
- Executes remote commands to control infected devices
- Clears logs and manipulates registry settings for persistence
- Uses anti-forensic techniques to evade detection
- Collects detailed system data, including operating system details and active applications
- Monitors Remote Desktop Protocol (RDP) sessions, allowing hackers to impersonate users
By combining these tactics, attackers can maintain long-term access to compromised systems, increasing the risk for crypto users.
Microsoft’s Security Recommendations
Although StilachiRAT is not yet widespread, Microsoft warns that proactive defense is crucial. The company advises users to:
- Download software only from official sources
- Enable Microsoft Defender real-time protection
- Turn on cloud-delivered security
- Utilize SmartScreen to block malicious websites
Crypto Industry Faces Persistent Cyber Threats
The cryptocurrency sector has always been a prime target for cybercriminals. Malware attacks and phishing scams continue to evolve, leading to major security breaches.
In one of the largest hacks to date, the $1.4 billion Bybit attack allegedly began with malware disguised as a fake stock investment platform. Similarly, cybercriminals have used social engineering tactics, such as fake job interviews, to distribute malware.
StilachiRAT’s command-and-control (C2) server allows hackers to launch various attacks, including:
- System reboots
- Credential theft
- Application execution
- Suspending the system
- Manipulating Windows registry settings
With such advanced capabilities, StilachiRAT poses a serious threat to crypto holders and businesses.
Final Thoughts
Microsoft’s warning highlights the growing sophistication of malware targeting the crypto industry. Users must remain vigilant, implement strong security measures, and stay informed about emerging threats like StilachiRAT.
