StilachiRAT Malware Targets Crypto Wallet Extensions on Chrome

The malware, called StilachiRAT, has been found in at least 20 different wallet extensions, including popular ones like Coinbase $1.71B Wallet, OKX $2.54B Wallet, MetaMask, and Trust Wallet.

Microsoft’s security team first identified the threat in November 2024 and found that it is capable of extracting sensitive information from infected devices. Once active, it scans a system for crypto wallet extensions and gathers sensitive information, such as login credentials, wallet data, and clipboard content. By monitoring copied text, it can capture passwords and private keys.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Ripple? Beginner-Friendly XRP Explainer (Animated)

SUBSCRIBE

ON YOUTUBE

The malware also includes stealth features to make detection difficult. It can erase system logs and identify whether it is running in a virtual environment, which prevents cybersecurity analysts from studying it easily.

Microsoft examined its WWStartupCtrl64.dll module and confirmed that StilachiRAT uses multiple techniques to access stored data and operate undetected.

Microsoft has not determined who is behind the malware. However, the company warns that while it is not yet widely spread, its ability to operate quietly makes it a concern. To reduce the risk of infection, Microsoft recommends using antivirus software, enabling cloud-based security protections, and keeping anti-malware tools active.

Kaspersky, a cybersecurity firm, recently reported that hackers used SilentCryptoMiner, a crypto-mining malware, to steal crypto from YouTube creators. How did they use the malware? Read the full story.