Microsoft has identified a new remote access trojan (RAT) named StilachiRAT, which specifically targets cryptocurrency wallets and browser-stored credentials. The company’s Incident Response Team first detected the malware in November 2024 and has now issued a public warning to help mitigate its impact before it spreads further.
According to Microsoft’s analysis, StilachiRAT is designed to steal sensitive information, including credentials stored in the Google Chrome browser, clipboard data, and digital wallet information. The malware scans infected systems for crypto wallet extensions such as MetaMask, Coinbase Wallet, Trust Wallet, and OKX Wallet, making it a direct threat to crypto holders.
Once deployed, the malware can extract saved credentials, monitor clipboard activity for private keys and passwords, and establish communication with a remote command-and-control (C2) server.
It uses advanced evasion tactics, including clearing event logs and checking for sandbox environments to prevent detection. Microsoft has not yet attributed the malware to a specific group or region, but its stealth capabilities indicate a sophisticated actor behind its development.
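A defender-side check for the log-clearing behaviour described above, as an added example that is not from Microsoft's report or the original article. It assumes Windows events have been exported as JSON lines with the hypothetical fields `host`, `channel`, `id`, `time` and `user`; the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Windows records a log clear as event 1102 in the Security channel
# (Security log cleared) and event 104 in the System channel (another log cleared).
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

# Constructed sample export; field names are assumptions, not a real schema.
SAMPLE = """\
{"host": "ws-01", "channel": "Security", "id": 4624, "time": "2025-03-01T09:00:00", "user": "alice"}
{"host": "ws-01", "channel": "Security", "id": 1102, "time": "2025-03-01T09:14:02", "user": "alice"}
{"host": "ws-01", "channel": "System", "id": 104, "time": "2025-03-01T09:14:05", "user": "alice"}
{"host": "ws-02", "channel": "System", "id": 104, "time": "2025-03-01T11:30:00", "user": "svc-maint"}
{"host": "ws-02", "channel": "Application", "id": 1000, "time": "2025-03-01T11:31:00", "user": "bob"}
"""

def find_log_clears(lines):
    """Return every record that reports an event log being cleared."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if (ev["channel"], ev["id"]) in CLEAR_EVENTS:
            ev["time"] = datetime.fromisoformat(ev["time"])
            hits.append(ev)
    return hits

def hosts_with_bulk_clear(hits, window=timedelta(minutes=5)):
    """Flag hosts where logs in different channels were cleared within `window`."""
    by_host = defaultdict(list)
    for ev in hits:
        by_host[ev["host"]].append(ev)
    flagged = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["time"])
        for a, b in zip(evs, evs[1:]):
            if a["channel"] != b["channel"] and b["time"] - a["time"] <= window:
                flagged.append(host)
                break
    return sorted(flagged)

if __name__ == "__main__":
    hits = find_log_clears(SAMPLE)
    for ev in hits:
        print(ev["host"], ev["channel"], ev["id"], ev["time"].isoformat(), ev["user"])
    print("bulk clear on:", hosts_with_bulk_clear(hits))
```

A single clear can be routine maintenance; several channels cleared on one host within minutes is the pattern worth triaging first, and forwarding events off the host keeps these records available even after the local logs are wiped.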
While StilachiRAT has not yet reached widespread distribution, Microsoft warns that its ability to operate undetected makes it a serious risk. The company recommends using updated antivirus software, cloud-based anti-phishing tools, and strong endpoint security to mitigate potential threats.
The discovery of StilachiRAT comes amid a broader rise in crypto-related cybercrime. Recent reports from blockchain security firm CertiK revealed that losses from hacks, scams, and exploits in February alone totaled nearly $1.53 billion, with the Bybit hack accounting for a significant portion.
Meanwhile, Chainalysis’ 2025 Crypto Crime Report highlights an ongoing shift toward AI-driven scams, stablecoin laundering, and organized cybercrime networks, with illicit crypto transactions surpassing $51 billion over the past year.