New Trojan Malware Puts Crypto Wallets at Risk
Microsoft has issued a critical security warning about StilachiRAT, a newly discovered Trojan malware designed to steal cryptocurrency wallet data from Google Chrome extensions.
First identified by Microsoft’s Incident Response team in November 2024, StilachiRAT can extract:
- Stored browser credentials
- Crypto wallet information
- Clipboard content (which may include private keys)
- System details for further exploitation
Which Wallets Are Affected?
StilachiRAT targets at least 20 different crypto wallet extensions, including:
MetaMask, Coinbase Wallet, Trust Wallet, Phantom Wallet, OKX Wallet, BNB Chain Wallet, TronLink, TokenPocket, Bitget Wallet, Sui Wallet, Keplr, Math Wallet, Manta Wallet, Leap Cosmos Wallet, Fractal Wallet, Compass Wallet (Sei), ConfluxPortal, Plug Wallet, Braavos – Starknet Wallet and Station Wallet.
While the malware has not yet been widely distributed, its stealthy methods make it a serious threat to crypto holders.
⚠️ A new malware is targeting crypto wallets, with the goal of stealing funds.
Malware is always evolving. A few ways to remain safe:
✅ Download software only from official sources
✅ Get and use a hardware wallet
✅ Be cautious of phishing links
✅ Enable 2FA where possible https://t.co/C34Ee9voDM
— MetaMask.eth 🦊 (@MetaMask) March 18, 2025
How StilachiRAT Works
The malware uses advanced evasion techniques to remain undetected and persist within a user’s system.
- A key component, WWStartupCtrl64.dll, is responsible for stealing credentials and crypto wallet data.
- It operates silently within infected systems, making detection difficult.
- Microsoft has not yet identified the creators of the malware, but is actively investigating and issuing security guidance.
How to Protect Your Crypto Assets
Microsoft recommends taking the following urgent security steps to protect your crypto wallets:
- Check your browser extensions—remove any unrecognized or suspicious plugins.
- Clear your browsing history to eliminate potential traces of malware activity.
- Run a full antivirus scan using trusted security software.
- Avoid downloading files from unknown sources or clicking on suspicious links.
- Use a hardware wallet for added security instead of browser-based wallets.
- Enable two-factor authentication (2FA) on all crypto-related accounts.
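One way to carry out the extension check above, as an added example (not code from Microsoft or from this article): the Python below lists every extension in a Chrome profile's Extensions folder and flags display names that match the wallets named earlier. It assumes Chrome's on-disk layout Extensions/<id>/<version>/manifest.json; the function names and the sample profile are constructed for illustration.

```python
import json, tempfile
from pathlib import Path

# Names from the article's list (qualifiers trimmed); store display names may differ.
TARGETED = ["MetaMask", "Coinbase Wallet", "Trust Wallet", "Phantom Wallet", "OKX Wallet",
            "BNB Chain Wallet", "TronLink", "TokenPocket", "Bitget Wallet", "Sui Wallet",
            "Keplr", "Math Wallet", "Manta Wallet", "Leap Cosmos Wallet", "Fractal Wallet",
            "Compass Wallet", "ConfluxPortal", "Plug Wallet", "Braavos", "Station Wallet"]

def load_json(path):
    """Return the parsed JSON object, or {} if the file is missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    """Resolve the extension name, following Chrome's __MSG_key__ localisation."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load_json(version_dir / "_locales" / locale / "messages.json")
        for key, entry in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit_extensions(ext_root):
    """Walk <id>/<version>/manifest.json and flag names matching TARGETED."""
    rows = []
    for mpath in sorted(Path(ext_root).glob("*/*/manifest.json")):
        name = display_name(mpath.parent, load_json(mpath)) or "(unreadable)"
        hit = next((w for w in TARGETED if w.lower() in name.lower()), None)
        rows.append({"id": mpath.parent.parent.name, "name": name, "targeted": hit})
    return rows

def make_sample(root):  # constructed sample profile; placeholder IDs, not real ones
    a, b = Path(root, "placeholder-id-a", "1.0_0"), Path(root, "placeholder-id-b", "2.3_0")
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (a / "_locales" / "en" / "messages.json").write_text('{"appname": {"message": "MetaMask"}}')
    (b / "manifest.json").write_text('{"name": "Sample Notes"}')
    return Path(root)

if __name__ == "__main__":  # demo on the constructed sample profile
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_extensions(make_sample(tmp)), sep="\n")
```

On Windows the default profile's folder is %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions. A wallet published under a different display name is not flagged, so review the unflagged rows as well.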
Microsoft’s Response & Next Steps
Microsoft is actively tracking StilachiRAT and providing mitigation guidance to minimize its impact. With crypto-targeting malware on the rise, users must stay vigilant and implement strong security measures to safeguard their digital assets.