Microsoft Warns of New Remote Access Trojan Targeting Crypto Wallets

Microsoft’s Incident Response Team has issued a warning about a new remote access trojan (RAT) that targets cryptocurrency wallets stored in the Google Chrome browser. The malware, known as StilachiRAT, can steal sensitive information such as credentials, digital wallet data, and clipboard contents.

The discovery was made last November by Microsoft’s Incident Response Team, which analyzed StilachiRAT’s WWStartupCtrl64.dll module to understand its capabilities. The analysis revealed that the malware uses various methods to collect information from the target system, including extracting credentials saved in the Google Chrome local state file and monitoring clipboard activity for sensitive information such as passwords and crypto keys.

The malware also has detection-evasion and anti-forensics features, such as clearing event logs and checking for signs that it is running in a sandbox in order to block analysis attempts. This makes it difficult for security professionals to track the malware’s spread.

At this time, Microsoft cannot pinpoint who is behind the malware, but hopes that publicly sharing information will lower the number of people who might be affected. The tech giant notes that the malware does not exhibit widespread distribution at this point.

To avoid falling prey to malware like StilachiRAT, users are advised to have antivirus software and cloud-based anti-phishing and anti-malware components on their devices. This will help protect against a range of threats, including crypto scams, exploits, and hacks.

According to blockchain security firm CertiK, losses to crypto scams, exploits, and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion’s share of losses. Blockchain analytics firm Chainalysis reported that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates.

The past year saw $51 billion in illicit transaction volume, highlighting the growing threat posed by cryptocurrency-related crimes. As users become increasingly vulnerable to these threats, it’s essential for them to stay vigilant and take steps to protect themselves against malware like StilachiRAT.