Microsoft warns of new remote access trojan targeting crypto wallets
Microsoft's Incident Response Team has identified a remote access trojan (RAT) named StilachiRAT that targets cryptocurrency held in 20 extensions for the Google Chrome browser, including popular wallets like Coinbase Wallet, Trust Wallet, and MetaMask. The malware, discovered in November 2024, can extract saved credentials from the Chrome local state file and monitor clipboard activity for sensitive data. It also has stealth capabilities, such as clearing event logs and detecting sandbox environments to avoid analysis. Microsoft has not determined the actors behind StilachiRAT and emphasizes that the malware is not currently widely distributed. However, due to its capabilities and the evolving threat landscape, Microsoft is sharing its findings to raise awareness. Users are advised to use antivirus software and anti-phishing measures to protect against such threats. Losses from crypto scams and hacks have reached significant amounts: the blockchain security firm CertiK indicates that $51 billion in illicit transactions occurred in the last year alone, marking an era of professionalized crypto crime.