Particle.news

Microsoft Warns of Advanced Malware Targeting Cryptocurrency Wallets

StilachiRAT malware can steal sensitive data from 20 popular wallets, including MetaMask and Coinbase Wallet, while evading detection and persisting in systems.

Overview

  • Microsoft researchers identified StilachiRAT, a sophisticated remote access trojan (RAT) that targets cryptocurrency wallets and was first discovered in November 2024.
  • The malware can steal and decrypt wallet credentials, usernames, and passwords stored in Google Chrome, and monitor clipboard content for sensitive information.
  • StilachiRAT targets 20 popular wallets, including MetaMask, Coinbase Wallet, Phantom, and Trust Wallet, highlighting the vulnerability of widely used platforms.
  • Microsoft has not attributed the malware to a specific threat actor but has issued mitigation guidelines, such as using antivirus software and downloading only from official sources.
  • MetaMask and other stakeholders have urged users to adopt safety measures, including hardware wallets, two-factor authentication, and caution against phishing attempts.