- Microsoft’s Incident Response team has identified a remote access trojan that employs advanced techniques to steal information and evade detection.
- StilachiRAT scans data from 20 cryptocurrency wallet extensions in Chrome, prompting recommendations to switch to Microsoft Edge for better security.
Microsoft’s Incident Response team has identified a new remote access trojan (RAT) named StilachiRAT, which specifically targets Google Chrome users. This malware focuses on cryptocurrency wallet extensions, accessing Windows registry key settings to check for their presence, and potentially compromising users’ digital assets.
StilachiRAT has been observed targeting several popular crypto wallets, including Bitget Wallet (formerly BitKeep), Trust Wallet, The OKX Wallet, BNB Chain Wallet, Coinbase Wallet, and TronLink. The malware locates these wallets by scanning for their Chrome extension identifiers. If it detects any of these extensions, it may attempt to manipulate or steal cryptocurrency from affected users.
According to Microsoft’s report, StilachiRAT continuously monitors clipboard content, actively searching for sensitive data such as passwords and cryptocurrency keys while tracking active windows and applications. Additionally, the malware employs anti-forensic tactics to evade detection: it clears event logs, detects analysis tools, and uses sandbox-evasion techniques, making it harder for security software to identify and remove it.
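Event-log clearing is one of the anti-forensic behaviours described above, and it is also one of the easier ones to catch, because Windows records the clearing itself. The following is an added detection example, not code from the article or from Microsoft's report: it runs over a few constructed event records (a simplified JSON export of forwarded events, an assumed shape rather than any vendor's format) and flags the records Windows emits when a log is wiped. The event IDs used are real Windows IDs (1102 for the Security log, 104 for the System and Application logs, both from the Microsoft-Windows-Eventlog provider); the hostnames, users and timestamps are made up.

```python
"""
Added example (not from the article or Microsoft's report): flag Windows event
records that indicate an event log was cleared, one of the anti-forensic
behaviours attributed to StilachiRAT. The records below are constructed sample
data in a simplified JSON shape (an assumption), not real telemetry.
"""
import json

# Event IDs Windows itself emits when a log is cleared:
#   1102 (Security log, provider Microsoft-Windows-Eventlog): "The audit log was cleared"
#    104 (System/Application log, same provider): "The <log> log file was cleared"
LOG_CLEARED_EVENTS = {
    ("Microsoft-Windows-Eventlog", 1102),
    ("Microsoft-Windows-Eventlog", 104),
}

# Constructed sample records, one JSON object per line (hosts/users are fictional).
SAMPLE_EVENTS = [
    '{"time":"2025-03-18T09:12:01Z","host":"WS-01","provider":"Microsoft-Windows-Security-Auditing","event_id":4624,"user":"alice","data":{"LogonType":"2"}}',
    '{"time":"2025-03-18T09:13:44Z","host":"WS-01","provider":"Microsoft-Windows-Eventlog","event_id":1102,"user":"alice","data":{}}',
    '{"time":"2025-03-18T09:13:45Z","host":"WS-01","provider":"Microsoft-Windows-Eventlog","event_id":104,"user":"alice","data":{"Channel":"System"}}',
    '{"time":"2025-03-18T09:20:10Z","host":"WS-02","provider":"Microsoft-Windows-Eventlog","event_id":104,"user":"SYSTEM","data":{"Channel":"Application"}}',
    'this line is not json',
    '{"time":"2025-03-18T10:01:00Z","host":"WS-03","provider":"Microsoft-Windows-Security-Auditing","event_id":4672,"user":"bob","data":{}}',
]


def parse_event(line):
    """Parse one JSON record; return None for malformed records instead of crashing."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or "event_id" not in rec or "provider" not in rec:
        return None
    return rec


def find_log_clears(lines):
    """Return one alert dict for every record that matches a log-cleared event."""
    alerts = []
    for line in lines:
        rec = parse_event(line)
        if rec is None:
            continue
        if (rec["provider"], rec["event_id"]) not in LOG_CLEARED_EVENTS:
            continue
        # 1102 is always the Security log; 104 names the channel in its event data.
        if rec["event_id"] == 1102:
            channel = "Security"
        else:
            channel = rec.get("data", {}).get("Channel", "unknown")
        alerts.append({
            "time": rec["time"],
            "host": rec["host"],
            "user": rec["user"],
            "channel": channel,
            "event_id": rec["event_id"],
        })
    return alerts


def hosts_with_multiple_clears(alerts, threshold=2):
    """Hosts on which at least `threshold` logs were cleared.

    A single clear can be routine administration; several logs wiped on the
    same host in a short window is the stronger anti-forensics signal.
    """
    counts = {}
    for alert in alerts:
        counts[alert["host"]] = counts.get(alert["host"], 0) + 1
    return sorted(host for host, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = find_log_clears(SAMPLE_EVENTS)
    for a in found:
        print(f"{a['time']} {a['host']} user={a['user']} cleared {a['channel']} log (event {a['event_id']})")
    print("hosts with repeated clears:", hosts_with_multiple_clears(found))
```

In a real deployment the same two rules would sit in the SIEM fed by Windows Event Forwarding; the point of keeping the parser tolerant of malformed lines is that a collector that stops on bad input is itself a gap an attacker can exploit.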
Microsoft’s Security Recommendations
To combat this threat, Microsoft advises users to switch to browsers that support SmartScreen technology, such as Microsoft Edge. This security feature helps reduce the attack surface and prevent malware from infiltrating systems.
SmartScreen is a cloud-based anti-phishing and anti-malware component integrated into Microsoft products, including Windows and Edge. It works by analyzing websites and downloads for potential threats, blocking access to malicious sites, and preventing harmful downloads. This added layer of protection helps crypto holders stay secure from emerging cyber threats like StilachiRAT.
Beyond stealing credentials, StilachiRAT poses a significant risk by moving laterally across networks. The malware is designed to monitor Remote Desktop Protocol (RDP) sessions, capture active window information, and impersonate users, allowing attackers to gain deeper access to corporate systems.
Despite Microsoft’s push for Edge, Google Chrome continues to dominate the desktop browser market, with a market share approximately four times larger than Edge. However, for users who choose to remain on Chrome, Microsoft recommends installing security-focused browser extensions, adjusting Chrome settings to enhance security, and downloading software only from official sources.
StilachiRAT is just one of many rapidly evolving cyber threats. According to a CNF report, crypto scams and hacks resulted in a staggering $1.53 billion in losses in February alone, with the $1.4 billion Bybit hack making up the bulk of these damages.
Additionally, Chainalysis’ 2025 Crypto Crime Report highlights the increasing professionalization of cybercrime. It points to AI-driven scams, stablecoin laundering, and highly efficient cyber syndicates as the primary threats. The report warns of a cybercrime ecosystem dominated by fraud cartels, nation-state hackers, and AI-powered scams, reinforcing the urgent need for stronger security measures across the digital landscape.