Microsoft warns of new remote access trojan targeting crypto wallets

Tech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.
Microsoft’s Incident Response Team said in a March 17 blog post that it first discovered the malware StilachiRAT last November and found it can steal information such as credentials stored in the browser, digital wallet information and data stored in the clipboard.
After deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning device settings to see if any of the 20 crypto wallet extensions are installed, including Coinbase Wallet, Trust Wallet, MetaMask and OKX Wallet.
The malware StilachiRAT can target crypto held in 20 different wallet extensions. Source: Microsoft
“Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system,” Microsoft said.
Among its other capabilities, the malware can extract credentials saved in the Google Chrome local state file and monitor clipboard activity for sensitive information like passwords and crypto keys.
It can also use detection evasion and anti-forensics features, like the ability to clear event logs and check for signs it’s running in a sandbox to block analysis attempts, according to Microsoft.
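A defender-side check for the log-clearing behaviour mentioned above, as an added example that is not taken from Microsoft's report: it flags Windows log-clear events (ID 1102 in Security, ID 104 in System) in an exported event stream and raises severity when several clears land close together on one host. The JSON field names, the sample records and the five-minute burst window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Windows log-clear events: 1102 is written to Security when the audit log
# is cleared, 104 is written to System when another log file is cleared.
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}
BURST_WINDOW = timedelta(minutes=5)  # assumed threshold, tune per environment

# Constructed sample export (JSON lines); field names are assumptions.
SAMPLE = """\
{"time": "2025-03-17T10:00:05", "host": "WS-01", "log": "System", "id": 7036, "user": "SYSTEM"}
{"time": "2025-03-17T10:02:11", "host": "WS-01", "log": "Security", "id": 1102, "user": "alice"}
{"time": "2025-03-17T10:02:13", "host": "WS-01", "log": "System", "id": 104, "user": "alice"}
{"time": "2025-03-17T11:30:00", "host": "WS-02", "log": "System", "id": 104, "user": "backup-svc"}
{"time": "2025-03-17T11:31:00", "host": "WS-02", "log": "Application", "id": 1102, "user": "bob"}
"""

def find_log_clears(jsonl):
    """Return one alert per host that recorded log-clear events, sorted by host."""
    per_host = {}
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Match on (channel, id): the same id in another channel means something else.
        if (ev["log"], ev["id"]) in CLEAR_EVENTS:
            ts = datetime.fromisoformat(ev["time"])
            per_host.setdefault(ev["host"], []).append((ts, ev["id"], ev["user"]))
    alerts = []
    for host, clears in sorted(per_host.items()):
        clears.sort()
        # Two or more clears inside the window look like deliberate
        # anti-forensics rather than routine maintenance of a single log.
        burst = any(b[0] - a[0] <= BURST_WINDOW for a, b in zip(clears, clears[1:]))
        alerts.append({
            "host": host,
            "severity": "high" if burst else "medium",
            "event_ids": [c[1] for c in clears],
            "users": sorted({c[2] for c in clears}),
        })
    return alerts

if __name__ == "__main__":
    for alert in find_log_clears(SAMPLE):
        print(alert)
```

Because a cleared log cannot report on itself afterwards, this check is only reliable when events are forwarded off the host before they can be wiped.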
At the moment, the tech giant says it can’t pinpoint who is behind the malware but hopes that publicly sharing information will lower the number of people who might be snared.
“Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” Microsoft said.
“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.”
To avoid falling prey to malware, Microsoft suggests that users have antivirus software, cloud-based anti-phishing and anti-malware components on their devices.
Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses, according to blockchain security firm CertiK.
Blockchain analytics firm Chainalysis said in its 2025 Crypto Crime Report that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates, with the past year witnessing $51 billion in illicit transaction volume.