Microsoft has uncovered a stealthy new threat lurking in the digital shadows. The newly discovered StilachiRAT malware has cryptocurrency holders in its crosshairs, specifically targeting popular wallets like MetaMask, Coinbase, and Trust Wallet. The remote access trojan, identified in November 2024, isn’t widespread yet—but that’s hardly comforting.
This isn’t your garden-variety malware. StilachiRAT scans for more than 20 Chrome-based crypto wallet extensions, patiently waiting to drain accounts. Think your digital assets are safe? Think again. The malware employs sophisticated evasion techniques, making detection frustratingly difficult. This particularly impacts hot wallets, which remain connected to the internet and are therefore more vulnerable to such attacks.
Once installed through a compromised library file called WWStartupCtrl64.dll, StilachiRAT gets busy. It extracts stored Chrome credentials, monitors clipboards for sensitive data, and gathers extensive system information. Great, another digital parasite with boundary issues. Users should implement strong encryption protocols to protect private keys from being compromised by this type of malware.
What makes this threat particularly nasty is its patience. The malware waits two hours before connecting to its command and control server—a clever trick to avoid raising immediate alarms. It even clears event logs to cover its tracks. Sneaky.
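As an added defender-side illustration (not code from Microsoft’s report or the article), the snippet below flags two of the behaviours described above: the load of a DLL named WWStartupCtrl64.dll and the clearing of Windows event logs, and escalates when both show up on the same host. The telemetry format and the sample events are constructed for the example; the event IDs used for matching are the standard Sysmon image-load event (7) and the Windows log-cleared events (Security 1102, System 104).

```python
import re

# Constructed sample telemetry for a single host (not real logs). Format is an
# assumption: "channel|event_id|details", one event per line.
SAMPLE_EVENTS = """\
Sysmon|7|Image loaded: C:\\Windows\\System32\\kernel32.dll
Sysmon|7|Image loaded: C:\\Users\\alice\\AppData\\Local\\Temp\\WWStartupCtrl64.dll
Sysmon|1|Process created: C:\\Windows\\System32\\notepad.exe
Security|1102|The audit log was cleared.
System|104|The System log file was cleared.
"""

# File name reported by Microsoft for the StilachiRAT loader.
SUSPECT_DLL = "wwstartupctrl64.dll"
# Windows event IDs written when an event log is cleared (Security 1102, System 104).
LOG_CLEARED = {("security", "1102"), ("system", "104")}


def detect(raw: str) -> list:
    """Return (severity, reason) alerts for the events in `raw`."""
    alerts = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        channel, event_id, details = line.split("|", 2)
        chan = channel.lower()
        if chan == "sysmon" and event_id == "7":
            # Sysmon event 7 = image (DLL) load; compare only the file name so
            # the rule does not depend on where the loader was dropped.
            m = re.search(r"Image loaded: (\S+)", details)
            path = m.group(1) if m else ""
            if path.lower().rsplit("\\", 1)[-1] == SUSPECT_DLL:
                alerts.append(("high", f"load of {path}"))
        elif (chan, event_id) in LOG_CLEARED:
            alerts.append(("medium", f"{channel} log cleared (event {event_id})"))
    # Log clearing alongside the suspect DLL load is the anti-forensics pattern
    # described in the report; escalate when both appear on the same host.
    if any(s == "high" for s, _ in alerts) and any(s == "medium" for s, _ in alerts):
        alerts.append(("critical", "suspect DLL load and log clearing on the same host"))
    return alerts


if __name__ == "__main__":
    for severity, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

In a real deployment the log-cleared rule fires on legitimate administration too, so treat it as a correlation signal rather than a stand-alone alert.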
The malware’s capabilities are impressive, in the worst possible way. It can launch up to 10 different commands from its remote server, manipulate infected systems, and impersonate users by duplicating security tokens. It monitors active RDP sessions and creates new outbound connections for data exfiltration. Experts recommend using hardware wallets for storing high-value cryptocurrencies offline to prevent compromise by this type of sophisticated malware.
Microsoft’s security team isn’t just sounding alarms—they’re offering solutions. Their recommendations include downloading software only from official sources, using browsers with built-in security features, and enabling two-factor authentication for wallet access.
For crypto holders, the threat is real. Wallets including TronLink, Phantom, Keplr, Math Wallet, and many others are on StilachiRAT’s hit list. Hardware wallets for long-term storage might be worth considering. Because in the wild west of cryptocurrency, apparently even your digital wallet isn’t safe from modern-day bandits.