Microsoft warns of new remote access trojan targeting crypto wallets
Tech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.
Microsoft’s Incident Response Team said in a March 17 blog post that it first discovered the malware StilachiRAT last November and found it can steal information such as credentials stored in the browser, digital wallet information and data stored in the clipboard.
After deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning device settings to see if any of the 20 crypto wallet extensions are installed, including Coinbase Wallet, Trust Wallet, MetaMask and OKX Wallet.
The malware StilachiRAT can target crypto held in 20 different wallet extensions. Source: Microsoft
“Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system,” Microsoft said.
Among its other capabilities, the malware can extract credentials saved in the Google Chrome local state file and monitor clipboard activity for sensitive information like passwords and crypto keys.
It can also use detection evasion and anti-forensics features, like the ability to clear event logs and check for signs it’s running in a sandbox to block analysis attempts, according to Microsoft.
At the moment, the tech giant says it can’t pinpoint who is behind the malware but hopes that publicly sharing information will lower the number of people who might be snared.
Related: New MassJacker malware targets piracy users, steals crypto
“Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” Microsoft said.
“However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.”
Microsoft suggests to avoid falling prey to malware; users should have antivirus software, cloud-based anti-phishing and anti-malware components on their devices.
Losses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses, according to blockchain security firm CertiK.
Blockchain analytics firm Chainalysis said in its 2025 Crypto Crime Report that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates, with the past year witnessing $51 billion in illicit transaction volume.
Magazine: Ridiculous ‘Chinese Mint’ crypto scam, Japan dives into stablecoins: Asia Express
Bitcoin (BTC) $ 104,214.00
Ethereum (ETH) $ 2,504.61
Tether (USDT) $ 1.00
XRP (XRP) $ 2.17
BNB (BNB) $ 642.05
Solana (SOL) $ 145.32
USDC (USDC) $ 0.999895
TRON (TRX) $ 0.274689
Dogecoin (DOGE) $ 0.170050
Lido Staked Ether (STETH) $ 2,503.57
Cardano (ADA) $ 0.599255
Wrapped Bitcoin (WBTC) $ 104,162.00
Hyperliquid (HYPE) $ 36.14
Wrapped stETH (WSTETH) $ 3,018.55
Bitcoin Cash (BCH) $ 494.33
Sui (SUI) $ 2.83
Chainlink (LINK) $ 13.03
LEO Token (LEO) $ 9.00
Stellar (XLM) $ 0.249856
Avalanche (AVAX) $ 17.93
Toncoin (TON) $ 2.95
USDS (USDS) $ 0.999848
WhiteBIT Coin (WBT) $ 49.29
Shiba Inu (SHIB) $ 0.000012
WETH (WETH) $ 2,504.75
Wrapped eETH (WEETH) $ 2,680.29
Litecoin (LTC) $ 85.08
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999419
Hedera (HBAR) $ 0.146804
Monero (XMR) $ 315.25
Ethena USDe (USDE) $ 1.00
Polkadot (DOT) $ 3.55
Bitget Token (BGB) $ 4.26
Coinbase Wrapped BTC (CBBTC) $ 104,259.00
Uniswap (UNI) $ 7.57
Pepe (PEPE) $ 0.000010
Pi Network (PI) $ 0.535204
Aave (AAVE) $ 252.67
Dai (DAI) $ 0.999511
Ethena Staked USDe (SUSDE) $ 1.18
OKB (OKB) $ 52.69
Bittensor (TAO) $ 348.18
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
Cronos (CRO) $ 0.090914
Aptos (APT) $ 4.36
Internet Computer (ICP) $ 5.03
NEAR Protocol (NEAR) $ 2.19
Jito Staked SOL (JITOSOL) $ 175.76
sUSDS (SUSDS) $ 1.06
Ethereum Classic (ETC) $ 16.63
Ondo (ONDO) $ 0.765658
Tokenize Xchange (TKX) $ 29.40
USD1 (USD1) $ 1.00
Mantle (MNT) $ 0.630515
Fasttoken (FTN) $ 4.42
Gate (GT) $ 15.46
Official Trump (TRUMP) $ 9.29
VeChain (VET) $ 0.021525
Kaspa (KAS) $ 0.069731
Cosmos Hub (ATOM) $ 4.02
Lombard Staked BTC (LBTC) $ 104,111.00
Artificial Superintelligence Alliance (FET) $ 0.679121
Ethena (ENA) $ 0.282482
Sky (SKY) $ 0.079081
POL (ex-MATIC) (POL) $ 0.187565
Render (RENDER) $ 3.18
Filecoin (FIL) $ 2.34
USDT0 (USDT0) $ 0.999884
Worldcoin (WLD) $ 0.931731
Binance-Peg WETH (WETH) $ 2,503.85
First Digital USD (FDUSD) $ 0.999657
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 4.36
Arbitrum (ARB) $ 0.299142
Algorand (ALGO) $ 0.169803
USDtb (USDTB) $ 0.999586
KuCoin (KCS) $ 11.06
Binance Staked SOL (BNSOL) $ 154.03
SPX6900 (SPX) $ 1.32
NEXO (NEXO) $ 1.21
Flare (FLR) $ 0.017668
Jupiter (JUP) $ 0.403650
Rocket Pool ETH (RETH) $ 2,851.66
Kelp DAO Restaked ETH (RSETH) $ 2,622.24
Celestia (TIA) $ 1.63
Virtuals Protocol (VIRTUAL) $ 1.68
Injective (INJ) $ 11.25
Bonk (BONK) $ 0.000014
Sei (SEI) $ 0.190148
Kaia (KAIA) $ 0.174475
Sonic (S) $ 0.320699
Polygon Bridged USDT (Polygon) (USDT) $ 1.00
Fartcoin (FARTCOIN) $ 1.01
Binance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999755
Optimism (OP) $ 0.560843
PayPal USD (PYUSD) $ 0.999679
Stacks (STX) $ 0.615851
XDC Network (XDC) $ 0.057570
Mantle Staked Ether (METH) $ 2,675.41
StakeWise Staked ETH (OSETH) $ 2,626.21
AB (AB) $ 0.014546
