Microsoft’s security team has recently uncovered a remote access trojan (RAT) targeting cryptocurrency wallets used in Google Chrome.
Aqua Ad Server Asynchronous JS Tag – Generated with Revive Adserver v5.5.2
This malware, named StilachiRAT, was first identified last November and has since been found to steal sensitive data such as wallet credentials, passwords, and other private information stored in the browser.
The attack primarily affects users with specific cryptocurrency wallet extensions installed, including popular wallets like MetaMask, Trust Wallet, and Coinbase Wallet. StilachiRAT silently scans the device for these wallets, allowing the malware to access and exfiltrate crypto-related data once it’s deployed. Microsoft’s investigation revealed that the malware can even monitor clipboard activity, capturing private keys and other valuable data, as well as extract stored credentials from the Chrome local state file.
Aqua Ad Server Asynchronous JS Tag – Generated with Revive Adserver v5.5.2
One of the concerning features of StilachiRAT is its ability to avoid detection. The malware uses various techniques, including erasing event logs and detecting if it’s being analyzed in a controlled environment like a sandbox. These evasion tactics make it particularly difficult to track and neutralize. While Microsoft hasn’t pinpointed the attackers behind this threat, the company has shared its findings in the hopes of reducing the number of victims and raising awareness.
READ MORE:
JUST IN: SEC to Drop Appeal Against Ripple
The malware’s relatively limited distribution so far doesn’t lessen the threat it poses, as its stealth capabilities make it an ongoing concern for cryptocurrency users. Microsoft urges all internet users, especially those involved in cryptocurrency trading, to enhance their security measures. Employing antivirus programs and using cloud-based anti-malware solutions can help mitigate the risk of such targeted attacks. As cybercrime in the crypto space continues to grow, incidents like these highlight the importance of staying vigilant and proactive in safeguarding digital assets.
AleXander Stefanov
