StilachiRAT Malware Targeting Digital Wallets

Microsoft’s incident response team has discovered a new remote access trojan (RAT) called StilachiRAT that poses a serious threat to cryptocurrency users.

StilachiRAT can collect system information, steal login credentials, and extract data from digital wallets. Although it has not yet spread widely, its potential impact worries the crypto community.

How Does StilachiRAT Threaten Crypto Investors?

StilachiRAT is more than just another malware—it represents an evolution in cyber threats targeting digital assets.

Microsoft reported on March 17 that once StilachiRAT infiltrates a system, it begins reconnaissance. It gathers details about the operating system, hardware identifiers, camera presence, and active Remote Desktop Protocol (RDP) sessions. Then, it focuses on stealing credentials stored in Chrome and data from the clipboard, where users often copy passwords or wallet keys.

This trojan specifically targets 20 cryptocurrency wallet extensions on Google Chrome. Some well-known wallets at risk include Metamask, Trust Wallet, Coinbase Wallet, TronLink, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, and Phantom.

“StilachiRAT targets a list of specific cryptocurrency wallet extensions for the Google Chrome browser. It accesses the settings in the following registry key and validates if any of the extensions are installed,” Microsoft warned.

Microsoft’s report highlights StilachiRAT’s advanced anti-forensic capabilities. It can delete event logs and assess system conditions to avoid detection.

To mitigate the threat, Microsoft advises users to download software only from official sources and avoid suspicious websites or attachments. Enabling real-time protection in Microsoft Defender and using browsers with SmartScreen can help block malicious sites.

Additionally, Microsoft recommends enabling multi-factor authentication (MFA) and regularly updating software to minimize risks.

“In some cases, remote access trojans (RATs) can masquerade as legitimate software or software updates. Always download software from the official website of the software developer or from reputable sources,” Microsoft advises.

According to Chainalysis’ 2025 Crypto Crime Trends report, illicit cryptocurrency transactions range from $40 billion to $50 billion annually. These funds are stolen through various methods, including ransomware and malware attacks.

Chainalysis estimates that the volume of illicit crypto transactions in 2024 could exceed $51 billion, with an average annual increase of 25% between reporting periods.