malware draining cryptocurrency wallets

Microsoft has uncovered a stealthy digital predator lurking in the shadows of the internet. Dubbed StilachiRAT, this remote access trojan was discovered in November 2024 and has been silently targeting cryptocurrency wallet extensions on Google Chrome. Bad news for crypto bros everywhere.

The malware isn’t picky about which digital wallets it infiltrates. Over 20 popular crypto wallets are in its crosshairs, including MetaMask, Coinbase Wallet, Trust Wallet, and Phantom. Basically, if you’ve got crypto, StilachiRAT wants it. And it’s pretty good at getting it too.

StilachiRAT doesn’t discriminate—it hunts any crypto wallet it finds, eager to drain your digital treasure chest.

What makes this RAT particularly nasty is its sophisticated evasion techniques. It clears system logs. It waits two hours before connecting to command-and-control servers. It checks for analysis tools and shuts down if it thinks it’s being watched. Sneaky little thing.

Once installed, StilachiRAT goes to work. It scans for wallet extensions, decrypts saved Chrome passwords, and monitors clipboard activity. It’s like having a digital pickpocket watching your every move. The malware supports ten different commands for system manipulation, giving attackers plenty of options for wreaking havoc.
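To see which browser profiles on a machine actually hold the wallet extensions this RAT goes after, a defender can inventory them directly from disk. The sketch below is an added example, not code from Microsoft or from this article. It assumes Chrome's usual `<User Data>/<profile>/Extensions/<extension id>/<version>/manifest.json` layout, and the four extension IDs are assumptions taken from public Chrome Web Store listings rather than from this page.

```python
import json
import tempfile
from pathlib import Path

# Chrome Web Store IDs for the four wallets the article names. Assumption:
# from public store listings, not from this page; verify before relying on them.
WALLET_IDS = {
    "nkbihfbeogaeaoehlefnkodbefgpgknn": "MetaMask",
    "hnfanknocfeofbddgcijnmhnfnkdnaad": "Coinbase Wallet",
    "egjidjbpglichdcondbcbdnbeeppgdph": "Trust Wallet",
    "bfnaelmomeimhlpmgjnjophhpkkoljpa": "Phantom",
}

def find_wallet_extensions(user_data_dir):
    """Return sorted (profile, wallet, version) for wallet extensions on disk."""
    hits = []
    root = Path(user_data_dir)
    # Each profile ("Default", "Profile 1", ...) has its own Extensions folder.
    for ext_dir in root.glob("*/Extensions/*"):
        wallet = WALLET_IDS.get(ext_dir.name)
        if wallet is None or not ext_dir.is_dir():
            continue
        profile = ext_dir.parent.parent.name
        for manifest in ext_dir.glob("*/manifest.json"):
            try:
                version = json.loads(manifest.read_text(encoding="utf-8")).get("version", "?")
            except (OSError, ValueError):
                version = "unreadable"  # damaged manifest: still report the hit
            hits.append((profile, wallet, version))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample data: two profiles, two wallets, one unrelated extension."""
    layout = {
        "Default/Extensions/nkbihfbeogaeaoehlefnkodbefgpgknn/1.0.0_0": '{"version": "1.0.0"}',
        "Default/Extensions/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/2.1_0": '{"version": "2.1"}',
        "Profile 1/Extensions/bfnaelmomeimhlpmgjnjophhpkkoljpa/3.2_0": "{not json",
    }
    for rel, body in layout.items():
        d = Path(base) / rel
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(body, encoding="utf-8")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for profile, wallet, version in find_wallet_extensions(build_sample_tree(tmp)):
            print(f"{profile}: {wallet} {version}")
```

Pointing `find_wallet_extensions` at a real Chrome user data directory instead of the constructed tree lists the profiles worth prioritizing for cleanup or migration to a hardware wallet.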

Microsoft hasn’t yet identified exactly how StilachiRAT is being distributed. Could be phishing emails. Could be fake downloads. Could be compromised websites. Who knows? The company warns users to download software only from official sources to avoid infection. Users with hardware wallets may have enhanced protection since their private keys are stored offline and less vulnerable to this type of attack. What we do know is that the impact could be devastating—billions in potential losses.

The malware hasn’t been attributed to any specific threat actor or geographic region yet. It’s just floating out there, anonymous and dangerous. Like most things on the internet.

For crypto users, the implications are clear. Your digital assets aren’t as secure as you might think. StilachiRAT can potentially drain wallets, compromise exchange accounts, and access both hot and cold storage solutions. Microsoft strongly recommends installing anti-malware software and implementing cloud-based anti-phishing components to protect against this threat.

Microsoft continues monitoring the situation, but for now, StilachiRAT remains an evolving threat. Just one more reason to maybe reconsider keeping your life savings in digital cat money.