New Microsoft Discovery Reveals Malware Targeting Cryptocurrency Wallets on Chrome

Microsoft's security team has recently uncovered a remote access trojan (RAT) targeting cryptocurrency wallets used in Google Chrome.

This malware, named StilachiRAT, was first identified last November and has since been found to steal sensitive data such as wallet credentials, passwords, and other private information stored in the browser.

The attack primarily affects users with specific cryptocurrency wallet extensions installed, including popular wallets like MetaMask, Trust Wallet, and Coinbase Wallet. StilachiRAT silently scans the device for these wallets, allowing the malware to access and exfiltrate crypto-related data once it’s deployed. Microsoft’s investigation revealed that the malware can even monitor clipboard activity, capturing private keys and other valuable data, as well as extract stored credentials from the Chrome local state file.

One of the concerning features of StilachiRAT is its ability to avoid detection. The malware uses various techniques, including erasing event logs and detecting if it’s being analyzed in a controlled environment like a sandbox. These evasion tactics make it particularly difficult to track and neutralize. While Microsoft hasn’t pinpointed the attackers behind this threat, the company has shared its findings in the hopes of reducing the number of victims and raising awareness.

The malware’s relatively limited distribution so far doesn’t lessen the threat it poses, as its stealth capabilities make it an ongoing concern for cryptocurrency users. Microsoft urges all internet users, especially those involved in cryptocurrency trading, to enhance their security measures. Employing antivirus programs and using cloud-based anti-malware solutions can help mitigate the risk of such targeted attacks. As cybercrime in the crypto space continues to grow, incidents like these highlight the importance of staying vigilant and proactive in safeguarding digital assets.