Microsoft Uncovers Crypto-Stealing Malware, StilachiRAT, Targeting 20 Wallet Extensions

Microsoft has identified a new remote access trojan (RAT) designed to target cryptocurrency stored in browser-based wallet extensions. The malware, dubbed StilachiRAT, has the capability to steal credentials, digital wallet information, and sensitive clipboard data, posing a significant threat to crypto users.
A Sophisticated Attack on Crypto Wallets
According to Microsoft’s Incident Response Team, StilachiRAT was first detected in November 2023 and has since been analyzed for its potential risks. In a blog post, Microsoft revealed that the malware scans a device’s settings to detect and compromise up to 20 cryptocurrency wallet extensions.
“Analysis of StilachiRAT’s WWStartupCtrl64.dll module revealed various methods used to extract sensitive data from target systems,” Microsoft stated.
Among its capabilities, StilachiRAT can:
- Extract credentials stored in Google Chrome’s local state file.
- Monitor clipboard activity to capture passwords and crypto keys.
- Evade detection using anti-forensic techniques, such as clearing event logs and checking if it’s running in a sandbox to prevent analysis.
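One way to hunt for the event-log clearing described in the list above, as an added example that is not code from Microsoft or from the original article. It relies on the standard Windows event IDs 1102 (Security audit log cleared) and 104 (an event log cleared, recorded in the System log). The JSON field names, the five-minute burst window, and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Real Windows event IDs: 1102 = Security audit log cleared,
# 104 = an event log was cleared (recorded in the System log).
LOG_CLEAR_IDS = {("Security", 1102), ("System", 104)}
BURST_WINDOW = timedelta(minutes=5)  # assumed threshold, tune per environment

# Constructed sample records; the JSON field names are assumptions
# standing in for whatever your log pipeline exports.
SAMPLE_EVENTS = """
{"ts": "2025-03-18T09:14:02", "host": "WS-014", "channel": "Security", "event_id": 4624, "user": "alice", "cleared": null}
{"ts": "2025-03-18T09:20:11", "host": "WS-014", "channel": "Security", "event_id": 1102, "user": "alice", "cleared": "Security"}
{"ts": "2025-03-18T09:20:12", "host": "WS-014", "channel": "System", "event_id": 104, "user": "alice", "cleared": "Application"}
{"ts": "2025-03-18T09:20:13", "host": "WS-014", "channel": "System", "event_id": 104, "user": "alice", "cleared": "System"}
{"ts": "2025-03-18T11:02:40", "host": "SRV-02", "channel": "System", "event_id": 104, "user": "svc-maint", "cleared": "Application"}
{"ts": "not-a-timestamp", "host": "SRV-02", "channel": "System", "event_id": 104, "user": "svc-maint", "cleared": "Setup"}
"""

def find_log_clearing(lines):
    """Return one finding per host, rated by how many logs were wiped in one burst."""
    per_host = defaultdict(list)
    for line in lines.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            when = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records rather than abort the hunt
        if (ev.get("channel"), ev.get("event_id")) in LOG_CLEAR_IDS:
            per_host[ev.get("host", "unknown")].append((when, ev.get("cleared"), ev.get("user")))

    findings = []
    for host, hits in sorted(per_host.items()):
        # Largest number of clear events that fall inside one BURST_WINDOW.
        burst = max(sum(1 for t, _, _ in hits if start <= t <= start + BURST_WINDOW)
                    for start, _, _ in hits)
        findings.append({
            "host": host,
            "logs_cleared": sorted({c for _, c, _ in hits if c}),
            "users": sorted({u for _, _, u in hits if u}),
            "severity": "high" if burst >= 2 else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_log_clearing(SAMPLE_EVENTS):
        print(finding)
```

A single cleared log is rated "review" because administrators do this legitimately; several logs wiped on one host within the window is rated "high". Forward these events off the endpoint before analysis, since the local copy is what gets erased.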
A Stealthy and Evolving Threat
While Microsoft has not yet identified the actors behind StilachiRAT, the company warns that its stealth features and the evolving malware ecosystem make it a significant concern, according to Cointelegraph.
“Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” the company noted. “However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.”
To mitigate the risk, Microsoft advises users to deploy antivirus software, enable cloud-based anti-phishing tools, and use anti-malware components to protect their digital assets.
Rising Crypto Threats in 2024
The discovery of StilachiRAT comes amid a surge in crypto-related cybercrime. According to blockchain security firm CertiK, losses from crypto scams, hacks, and exploits reached nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for most of the damage.
Meanwhile, Chainalysis’ 2025 Crypto Crime Report highlights the increasing professionalization of cybercrime, with AI-driven scams, stablecoin laundering, and organized cyber syndicates fueling an illicit transaction volume of $51 billion in the past year.
As threats continue to evolve, Microsoft’s findings underscore the importance of heightened cybersecurity measures in the crypto space.