Microsoft Warns of New Malware Targeting Crypto Wallets
Malware targets 20 wallet extensions, including MetaMask and Trust Wallet

Microsoft has uncovered a dangerous new remote access trojan (RAT) called StilachiRAT, which specifically targets cryptocurrency wallets. The malware, first detected in November 2024, infiltrates Google Chrome extensions and steals sensitive data from at least 20 crypto wallets, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
According to Microsoft’s security team, StilachiRAT is capable of stealing browser credentials, digital wallet information, and clipboard data. Once deployed, it scans devices for installed wallet extensions and extracts critical information that could lead to unauthorized fund transfers. The malware uses sophisticated evasion techniques, such as clearing event logs and checking whether it is running in a sandbox environment, which makes it harder for security experts to analyze and counteract.
The stolen credentials and crypto keys allow hackers to drain funds from wallets, posing a significant risk to users who store digital assets in browser extensions. While Microsoft has not identified the perpetrators behind StilachiRAT, it has shared its findings to help prevent further victims. Although there are no signs of mass distribution, the tech giant warns that the malware's stealthy nature and adaptability could make it a growing threat.
To protect against such malware, Microsoft advises users to install robust antivirus software, enable cloud-based anti-phishing tools, and avoid downloading unverified browser extensions.
Cybercrime in the crypto space is on the rise. In February alone, hacks and exploits led to $1.53 billion in losses, with Bybit suffering a massive $1.4 billion breach. A report from Chainalysis further warns that crypto-related crimes have become more professionalized, with AI-powered scams and money laundering via stablecoins contributing to a record $51 billion in illicit transactions last year.