Microsoft security researchers have identified a new malware threat targeting popular crypto wallet extensions such as MetaMask and Phantom. The StilachiRAT remote access trojan (RAT), discovered in November 2024, is particularly concerning because of its ability to scan for cryptocurrency wallet extensions in Google Chrome and to extract and decrypt saved usernames and passwords. It also continuously monitors clipboard content, hunting for sensitive cryptocurrency keys and passwords. The malware uses anti-forensic techniques to evade detection, and it may not be widely distributed yet. Even so, its stealth capabilities have prompted Microsoft to continue analyzing it as the threat evolves. The researchers emphasize the importance of user vigilance against infostealing malware, which often relies on social engineering to deceive users into executing malicious code. The RAT targets several specific wallets, including MetaMask, Coinbase, and Phantom, among others.
