Microsoft Issues Alert on Remote Access Trojan Attacking Crypto Wallets

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

On March 17, 2025, Microsoft’s Incident Response team reported the discovery of a new remote access trojan (RAT) built to steal cryptocurrency-related data. The malware checks the Google Chrome browser for 20 specific cryptocurrency wallet extensions and reads their configuration data; from it, attackers can recover the details they need to access the victim’s digital assets.

Key Capabilities of RAT Malware

In a detailed blog post, the Microsoft team explained that the RAT, named StilachiRAT, was first identified in November 2024 and uses evasion and anti-forensic techniques to avoid detection.

Among the targeted crypto wallet extensions are Bitget Wallet (formerly Bitkeep), Trust Wallet, TronLink, MetaMask (Ethereum), BNB Chain Wallet, OKX Wallet, TokenPocket, and many others. These widely used wallets store critical financial data, making them valuable targets for cybercriminals.
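Because the RAT decides what to steal by checking which wallet extensions are installed, a defender can run the same check in reverse to find exposed users. The script below is an added example, not code from Microsoft’s report: it parses the JSON “Preferences” / “Secure Preferences” file Chrome keeps per profile, where installed extensions are listed under extensions.settings keyed by their 32-letter extension ID, and reports any on a watch list. MetaMask’s ID is well known; the other IDs are taken from the Chrome Web Store listings of the wallets named above and should be verified against Microsoft’s published list before use.

```python
"""Inventory Chrome profiles for the wallet extensions StilachiRAT targets.

Added example, not Microsoft's code. Chrome stores installed extensions under
extensions.settings in each profile's Preferences / Secure Preferences JSON,
keyed by the 32-letter extension ID.
"""
import json
import os
from pathlib import Path

# Chrome Web Store IDs for wallets the article names. MetaMask's ID is well
# known; re-verify the others against the Web Store and Microsoft's list.
WALLET_EXTENSION_IDS = {
    "nkbihfbeogaeaoehlefnkodbefgpgknn": "MetaMask",
    "egjidjbpglichdcondbcbdnbeeppgdph": "Trust Wallet",
    "ibnejdfjmmkpcnlpebklmnkoeoihofec": "TronLink",
    "jiidiaalihmmhddjgbnbgdfflelocpak": "Bitget Wallet",
    "fhbohimaelbohpjbbldcngcnapndodjp": "BNB Chain Wallet",
    "mcohilncbfahbmgdjkbpemcciiolgcge": "OKX Wallet",
    "mfgccjchihfkkindfppnaooecgfneiii": "TokenPocket",
}


def installed_extensions(prefs_text):
    """Return {extension_id: (name, version)} from a Preferences JSON string."""
    prefs = json.loads(prefs_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    found = {}
    for ext_id, entry in settings.items():
        # Defensive: only 32-letter keys are extension IDs.
        if not (isinstance(ext_id, str) and len(ext_id) == 32 and ext_id.isalpha()):
            continue
        manifest = entry.get("manifest", {}) if isinstance(entry, dict) else {}
        found[ext_id] = (manifest.get("name", "?"), manifest.get("version", "?"))
    return found


def wallet_exposure(prefs_text, watch_list=WALLET_EXTENSION_IDS):
    """List (id, watch-list name, installed name, version) for every match."""
    return sorted(
        (ext_id, watch_list[ext_id], name, version)
        for ext_id, (name, version) in installed_extensions(prefs_text).items()
        if ext_id in watch_list
    )


def chrome_preference_files(user_data_dir=None):
    """Yield Preferences / Secure Preferences paths for each Chrome profile.

    Defaults to the Windows user-data directory; yields nothing if absent.
    """
    if user_data_dir is None:
        user_data_dir = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data"
    for prof in Path(user_data_dir).glob("*"):
        if prof.name == "Default" or prof.name.startswith("Profile "):
            for fname in ("Preferences", "Secure Preferences"):
                path = prof / fname
                if path.is_file():
                    yield path


# Constructed sample profile: MetaMask plus one unrelated extension.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {"settings": {
        "nkbihfbeogaeaoehlefnkodbefgpgknn": {
            "manifest": {"name": "MetaMask", "version": "12.9.3"}, "state": 1},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "manifest": {"name": "Example Extension", "version": "1.0"}, "state": 1},
    }}
})

if __name__ == "__main__":
    for hit in wallet_exposure(SAMPLE_PREFERENCES):
        print("sample profile, exposed wallet extension:", hit)
    for path in chrome_preference_files():  # live check on a Windows host
        for hit in wallet_exposure(path.read_text(encoding="utf-8")):
            print(path, hit)
```

Run it under the user’s own account on a Windows endpoint to list profiles with a targeted wallet; the sample profile is embedded so the logic can be exercised offline on any platform.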

Beyond its primary goal of compromising crypto wallets, Microsoft revealed that the RAT malware is also designed for deep system infiltration, allowing attackers to gain extensive control over infected devices.

One of the key features of StilachiRAT is system reconnaissance. The malware gathers detailed system information, including operating system details, hardware identifiers, camera presence, and active Remote Desktop Protocol (RDP) sessions.

The malware also steals credentials. It extracts and decrypts the usernames and passwords saved in Google Chrome; Chrome protects these with a key tied to the logged-in Windows user, so malware running in that user’s session can unlock them. This extends the threat well beyond crypto wallet extensions to any account whose login is saved in the browser.

To maintain communication with its operators, StilachiRAT establishes command-and-control (C2) connectivity, connecting to remote servers over TCP port 53, 443, or 16000 so that attackers can issue commands. Ports 53 and 443 normally carry DNS and HTTPS traffic, which helps the C2 traffic blend in.

Over this C2 connection the RAT accepts a range of commands: attackers can reboot the system, clear event logs, manipulate registry settings, launch applications, and suspend running processes.
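Two of the behaviours above are visible in ordinary host telemetry: outbound TCP connections on 53, 443 or 16000 from processes that have no business making them, and the clearing of the Security event log. The detection logic below is an added example written for this article, not Microsoft’s code or a published detection rule. It runs over constructed records shaped like Sysmon Event ID 3 (network connection) and Windows Security Event ID 1102 (audit log cleared); the allow-lists of expected DNS and HTTPS clients are assumptions to tune per environment.

```python
"""Flag StilachiRAT-style behaviour in simplified host telemetry.

Added example (not Microsoft's code). Records mimic Sysmon Event ID 3
(network connection) and Security Event ID 1102 (audit log cleared).
"""
from collections import defaultdict

# Processes expected to speak DNS over TCP; anything else on TCP/53 is odd.
# Assumption: extend with your own resolvers or agents.
DNS_CLIENTS = {r"c:\windows\system32\svchost.exe"}
# Processes expected to use 443. Unsigned, non-browser processes get flagged.
HTTPS_CLIENTS = {r"c:\program files\google\chrome\application\chrome.exe",
                 r"c:\program files\mozilla firefox\firefox.exe"}


def score_network_event(ev):
    """Return a reason string if the connection looks like StilachiRAT C2, else None."""
    if ev["event_id"] != 3 or ev["protocol"] != "tcp" or not ev["initiated"]:
        return None
    port = ev["dest_port"]
    image = ev["image"].lower()
    if port == 16000:
        return "outbound TCP/16000 (port used by StilachiRAT C2)"
    if port == 53 and image not in DNS_CLIENTS:
        return "TCP/53 from a non-DNS process (C2 disguised as DNS)"
    if port == 443 and image not in HTTPS_CLIENTS and ev.get("signed") is False:
        return "TCP/443 from an unsigned, non-browser process"
    return None


def detect(events):
    """Group findings per host; a log clear after suspicious traffic is rated high.

    Returns {host: [(time, severity, reason, detail), ...]} in time order.
    """
    findings = defaultdict(list)
    suspicious_hosts = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        host = ev["host"]
        reason = score_network_event(ev)
        if reason:
            suspicious_hosts.add(host)
            findings[host].append((ev["time"], "medium", reason, ev["image"]))
        elif ev["event_id"] == 1102:
            # Log clearing is a known StilachiRAT command; after C2-like
            # traffic on the same host it is treated as confirmation.
            sev = "high" if host in suspicious_hosts else "medium"
            findings[host].append((ev["time"], sev, "Security log cleared",
                                   ev.get("subject_user", "?")))
    return dict(findings)


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    {"time": "2025-03-17T09:00:01", "host": "WS01", "event_id": 3, "protocol": "tcp",
     "initiated": True, "image": r"C:\Windows\System32\svchost.exe",
     "dest_port": 53, "signed": True},
    {"time": "2025-03-17T09:00:05", "host": "WS01", "event_id": 3, "protocol": "tcp",
     "initiated": True, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_port": 443, "signed": True},
    {"time": "2025-03-17T09:01:10", "host": "WS01", "event_id": 3, "protocol": "tcp",
     "initiated": True, "image": r"C:\Windows\System32\svchost.exe",
     "dest_port": 16000, "signed": True},
    {"time": "2025-03-17T09:01:12", "host": "WS01", "event_id": 3, "protocol": "tcp",
     "initiated": True, "image": r"C:\Users\Public\update.exe",
     "dest_port": 53, "signed": False},
    {"time": "2025-03-17T09:03:00", "host": "WS01", "event_id": 1102,
     "subject_user": "WS01\\alice"},
    {"time": "2025-03-17T09:03:30", "host": "WS02", "event_id": 1102,
     "subject_user": "WS02\\bob"},
]

if __name__ == "__main__":
    for host, items in detect(SAMPLE_EVENTS).items():
        for when, sev, reason, detail in items:
            print(f"{host} {when} [{sev}] {reason}: {detail}")
```

The benign DNS and Chrome connections produce nothing; the svchost connection to port 16000, the unsigned binary on TCP/53, and the subsequent log clear on WS01 are reported, with the log clear rated high because it follows C2-like traffic on the same host. The isolated 1102 on WS02 is still reported, at medium, since log clearing alone warrants a look.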

These features, combined with many others, make StilachiRAT a powerful tool for cybercriminals seeking to maintain control over compromised devices.

Microsoft Asserts RAT Malware Shows Limited Spread

While the RAT’s capabilities are concerning, particularly for users of crypto wallet extensions, Microsoft has not yet attributed the trojan to a specific threat actor or geographic region.

The Microsoft alert explains that, at this time, the malware does not show widespread distribution. However, due to its stealth features and the rapidly evolving malware space, the team continues to monitor and analyze the situation to keep security professionals and users informed.

Early detection remains the best defence: the sooner an infection is spotted, the less time attackers have to drain wallets or misuse stolen credentials.

Last month, Kaspersky Labs discovered another crypto-targeting malware hidden in software development kits (SDKs) used for creating Android and iOS apps.

This malware, named SparkCat, runs optical character recognition over images stored on the device to find and steal cryptocurrency wallet recovery phrases, putting digital assets at risk.

Cybercriminals are constantly refining their tactics. Last month, a Kaspersky analyst uncovered a large-scale malware campaign involving hundreds of fake GitHub projects.

These repositories contain harmful software such as RATs, info-stealers, and clipboard hijackers. Their primary goal is to compromise crypto wallet extensions, steal digital assets, and extract confidential user data.

The Microsoft alert serves as a strong reminder for crypto users and developers to stay vigilant, update security protocols, and take preventive measures against emerging cyber threats.

About Jimmy Aki

Based in the UK, Jimmy is an economic researcher with outstanding hands-on experience in macroeconomic finance analysis, forecasting and planning. He has honed his skills working cross-continentally as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for regulation and macroeconomic trends, as it allows him to peek under the global bonnet to see how the world works.