Microsoft Warns About a New Trojan Targeting Crypto Wallets

Cybersecurity researchers at Microsoft Incident Response have uncovered a sneaky new remote access trojan (RAT) called StilachiRAT—and if you’re into crypto, this is one to watch out for. This malware is specifically designed to steal cryptocurrency and login credentials, putting your digital assets at serious risk.

How Does StilachiRAT Work?

This isn’t your run-of-the-mill virus. StilachiRAT goes after 20 different Chrome browser extensions, including major crypto wallets like MetaMask, Coinbase Wallet, Trust Wallet, OKX Wallet, Bitget Wallet, and Phantom. But that’s not all—it also digs into your saved logins and passwords, decrypting them to hand over to hackers on a silver platter.

And it doesn’t stop there. This Trojan is nosy—it studies your device, gathering all kinds of information, from hardware details and installed applications to active Remote Desktop Protocol (RDP) sessions. It even checks if you have a camera connected. On top of that, it monitors your behavior, logging everything before sending the data to its command server.

The Biggest Threat? It Doesn’t Just Go Away

One of the scariest things about StilachiRAT is its persistence. It embeds itself deep within Windows services, making it tough to detect and even harder to remove. Once it’s in, it’s not leaving without a fight.

The malware also connects to command-and-control servers via TCP ports 53, 443, and 16000, allowing hackers to execute remote commands. These could include restarting your system, deleting logs, or even tampering with the Windows registry. To make detection even trickier, the Trojan cleans up event logs to cover its tracks.

How to Protect Yourself

Microsoft is calling StilachiRAT a high-risk threat, and for good reason. To stay safe:

  • Download software only from official sources—no shady downloads.
  • Use browsers with SmartScreen protection to block malicious sites.
  • Enable secure links in Office 365 to prevent phishing attempts.
  • If you use Microsoft Defender XDR, check for detections like TrojanSpy:Win64/Stilachi.A and run searches to find suspicious activity in your network.
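The network and host behaviour described above (TCP connections on ports 53 and 16000, installation as a Windows service, cleared event logs) can be correlated per host when searching your own telemetry. The sketch below is an added example, not Microsoft's hunting query or code from the original report; the record layout, host names, resolver address and internal range are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions: the site's approved DNS resolver and its internal address range.
APPROVED_RESOLVERS = {"10.0.0.53"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Windows event IDs: Security 1102 / System 104 = log cleared, System 7045 = service installed.
LOG_CLEARED_IDS = {1102, 104}
SERVICE_INSTALLED_ID = 7045

def network_signal(ev):
    """Name the signal for one outbound TCP record, or return None."""
    dst, port = ev["dst_ip"], ev["dst_port"]
    if port == 53 and dst not in APPROVED_RESOLVERS:
        return "tcp53_to_non_resolver"   # DNS over TCP to an unapproved host
    if port == 16000 and ipaddress.ip_address(dst) not in INTERNAL_NET:
        return "tcp16000_external"
    return None                          # 443 is too common to flag on its own

def hunt(events):
    """Group signals per host and return {host: (priority, sorted signals)}."""
    signals = defaultdict(set)
    for ev in events:
        sig = None
        if ev["type"] == "net" and ev.get("proto") == "tcp":
            sig = network_signal(ev)
        elif ev["type"] == "winevent" and ev["event_id"] in LOG_CLEARED_IDS:
            sig = "event_log_cleared"
        elif ev["type"] == "winevent" and ev["event_id"] == SERVICE_INSTALLED_ID:
            sig = "service_installed"
        if sig:
            signals[ev["host"]].add(sig)
    report = {}
    for host, sigs in signals.items():
        net = any(s.startswith("tcp") for s in sigs)
        host_side = sigs & {"event_log_cleared", "service_installed"}
        # A network signal plus a host-side signal on the same machine ranks highest.
        report[host] = ("high" if net and host_side else "review", sorted(sigs))
    return report

# Constructed sample records, not real telemetry (destination IPs are documentation ranges).
SAMPLE = [
    {"host": "ws-01", "type": "net", "proto": "tcp", "dst_ip": "203.0.113.7", "dst_port": 16000},
    {"host": "ws-01", "type": "winevent", "event_id": 7045},
    {"host": "ws-01", "type": "winevent", "event_id": 1102},
    {"host": "ws-02", "type": "net", "proto": "tcp", "dst_ip": "10.0.0.53", "dst_port": 53},
    {"host": "ws-02", "type": "net", "proto": "tcp", "dst_ip": "198.51.100.20", "dst_port": 443},
    {"host": "ws-03", "type": "net", "proto": "tcp", "dst_ip": "198.51.100.9", "dst_port": 53},
    {"host": "ws-04", "type": "winevent", "event_id": 104},
]

if __name__ == "__main__":
    for host, (priority, sigs) in sorted(hunt(SAMPLE).items()):
        print(host, priority, sigs)
```

Each signal on its own has benign explanations (software installers create services, administrators clear logs), which is why a single signal is only ranked "review".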

A Growing Crypto Malware Problem

This isn’t the first time we’ve seen malware targeting crypto wallets. On December 16, 2024, a security researcher from SlowMist reported that the source code for a macOS Stealer Trojan—designed to steal Bitcoin—was leaked online. That means even more hackers can now get their hands on it, making crypto-related threats even more widespread.

Bottom line? If you’re storing crypto online, be extra cautious. Cybercriminals are getting more sophisticated, and the last thing you want is to wake up and find your wallet empty. Stay vigilant, stay updated, and most importantly—stay safe.
