Crypto Holders Beware: Microsoft Warns of New RAT Stealing Wallet Data

    The Microsoft Incident Response Team warned about the illegal use of StilachiRAT to steal customers' login credentials stored in the Google Chrome browser.

    Author: News Room

    Updated Mar 18, 2025 1:36 PM GMT+0
    In a significant cybersecurity discovery, tech giant Microsoft has detected a dangerous remote access trojan (RAT) known as StilachiRAT. This malware, first identified by Microsoft’s Incident Response Team in November, has the potential to target cryptocurrency holdings stored in 20 different wallet extensions on the Google Chrome browser.

    How StilachiRAT Puts Crypto Wallets at Risk

    According to a March 17 blog post from Microsoft, the malware is designed to steal sensitive data including browser-stored credentials, digital wallet details, and information copied to the clipboard. Once deployed, StilachiRAT scans the system for configuration data from popular crypto wallet extensions like Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.

    Microsoft’s analysis of the malware’s WWStartupCtrl64.dll module revealed a variety of methods used to harvest information from infected systems. In particular, StilachiRAT can extract credentials saved in Chrome’s local state file and monitor clipboard activity, a worrying feature for users who copy and paste crypto keys or passwords.

    Detection Evasion and Anti-Forensic Capabilities

    What makes StilachiRAT even more dangerous is its ability to avoid detection. According to Microsoft, the malware can clear event logs and even check if it’s running in a sandbox environment, a common analysis tool used by cybersecurity experts. These features make it challenging for analysts and antivirus solutions to catch the malware before it does damage.
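Log clearing leaves its own trace: Windows records event 1102 in the Security log and event 104 in the System log whenever an event log is cleared. The following is an added example, not code from Microsoft or from this article, that flags those records in an XML event export. It assumes the export is wrapped in a single root element (for instance `wevtutil qe Security /f:xml /e:Events`); the helper names and the sample records are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# (Channel, EventID) pairs Windows records when an event log is cleared.
LOG_CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def first_text(root, name):
    """Text of the first element under root with this local name, else None."""
    elems = root.iter() if root is not None else ()
    return next((e.text for e in elems if local(e.tag) == name), None)

def child(parent, name):
    return next((c for c in parent if local(c.tag) == name), None)

def find_log_clears(xml_text):
    """Return one record per log-clear event in a root-wrapped XML export."""
    hits = []
    for ev in ET.fromstring(xml_text):
        system, user_data = child(ev, "System"), child(ev, "UserData")
        if system is None:
            continue
        channel, raw_id = first_text(system, "Channel"), first_text(system, "EventID")
        if not (raw_id or "").strip().isdigit():
            continue  # malformed record, skip it
        if (channel, int(raw_id)) not in LOG_CLEAR_EVENTS:
            continue
        created = child(system, "TimeCreated")
        hits.append({
            "time": created.get("SystemTime") if created is not None else None,
            "host": first_text(system, "Computer"),
            # Event 104 names the cleared log in UserData; 1102 is always Security.
            "cleared_log": first_text(user_data, "Channel") or channel,
            "user": first_text(user_data, "SubjectUserName"),
        })
    return hits

# Constructed sample export (not real telemetry): a logon, then two log clears.
NS = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'
def _ev(eid, chan, when, user_data=""):
    return (f'<Event {NS}><System><EventID>{eid}</EventID><TimeCreated SystemTime="{when}"/>'
            f'<Channel>{chan}</Channel><Computer>WS-042.example.test</Computer></System>{user_data}</Event>')
SAMPLE = "<Events>" + "".join([
    _ev(4624, "Security", "2025-03-18T09:00:01Z"),
    _ev(1102, "Security", "2025-03-18T09:14:30Z", "<UserData><LogFileCleared><SubjectUserName>jdoe</SubjectUserName></LogFileCleared></UserData>"),
    _ev(104, "System", "2025-03-18T09:14:31Z", "<UserData><LogFileCleared><SubjectUserName>jdoe</SubjectUserName><Channel>Application</Channel></LogFileCleared></UserData>"),
]) + "</Events>"
```

Calling `find_log_clears(SAMPLE)` returns the two clear events with their time, host, cleared log and account. This check is most useful when events are forwarded off the host, since a local clear cannot erase copies already collected elsewhere.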

    Who’s Behind the Attack?

    Microsoft has yet to identify the group or person responsible for the spread of StilachiRAT. However, the company is certain that releasing this information will help reduce the number of potential victims. Microsoft also assures users that, based on its data at the time, the malware has yet to start spreading on a mass scale. Still, given the ever-changing threat landscape and the stealthy nature of the trojan, caution is necessary.

    The discovery of StilachiRAT comes against a backdrop of increasing crypto crime. According to blockchain security firm CertiK, losses from crypto scams, exploits, and hacks reached nearly $1.53 billion in February alone, with the massive $1.4 billion Bybit hack accounting for most of those losses.

    Additionally, Chainalysis’ 2025 Crypto Crime Report highlights that crypto crime has now entered a more professional era. This new wave of crime is dominated by AI-driven scams, stablecoin laundering operations, and highly efficient cyber syndicates, contributing to a staggering $51 billion in illicit transaction volume over the past year.

    How to Stay Protected

    To guard against malware like StilachiRAT, Microsoft strongly recommends that users keep up-to-date antivirus software and cloud-based protection enabled on all devices to block phishing and malware. Keeping Chrome extensions updated, not downloading suspicious files, and staying vigilant about clipboard activity can also help prevent the loss of cryptocurrency.

    The evolving landscape of cyber attacks on crypto wallets shows that attackers are getting smarter and more advanced. While Microsoft is eager to keep watch and report on such threats, it is equally important for users to be proactive. With billions of dollars being lost to cryptocurrency offenses, any caution can prove valuable.

    Newsroom is the editorial team of CoinfoMania, delivering 24/7 crypto news, market insights, and in-depth analysis. With 30+ journalists worldwide, we keep you ahead in the blockchain space.