
Sneaky Rat Named StilachiRAT Stealing Crypto
A dangerous new remote access trojan (RAT) called StilachiRAT is targeting cryptocurrency users, stealing wallet credentials and sensitive financial data. First discovered by Microsoft in November 2024, this malware scans Google Chrome for 20 different crypto wallet extensions, including MetaMask, Coinbase Wallet, Trust Wallet, and Phantom.
How StilachiRAT Steals Your Crypto
StilachiRAT is designed to steal sensitive information in multiple ways:
Steals saved credentials – It bypasses Chrome’s encryption to access stored usernames and passwords.
Watches for clipboard activity – It scans for copied passwords, crypto keys, and wallet addresses, potentially replacing them to redirect transactions.
Scans for wallet extensions – It identifies and extracts configuration data from popular crypto wallet extensions.
Avoids detection – It clears event logs, checks for sandbox environments, and constantly restores its files if deleted.
Monitors RDP sessions – This could enable attackers to move laterally within a compromised network.
Protect Yourself from StilachiRAT
To safeguard your digital assets, follow these steps:
Update your security tools – Ensure your antivirus, anti-phishing, and anti-malware defenses are up to date.
Never store critical credentials in Chrome – Use a dedicated password manager instead.
Watch out for infection sources – Avoid trojanized software, malicious websites, and suspicious email attachments.
Enable Microsoft Defender protections – Microsoft recommends using secure browsing tools and verified downloads.
Stop using Microsoft – Let’s be honest, they don’t have the best track record. However, Microsoft products are targeted by hackers the most because of how many people use them.
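A defender-side inventory for the wallet-extension scanning described above, added here as an example and not taken from Microsoft's report or from this article's author: it lists which of the wallets named in this article are installed in a given Chrome profile, so they can be moved to a dedicated device. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json` and matches by display name; the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

# Wallet names come from the article; matching is by display name substring, not extension ID.
WALLETS_NAMED_IN_ARTICLE = ("MetaMask", "Coinbase Wallet", "Trust Wallet", "Phantom")
MSG_REF = re.compile(r"^__MSG_(\w+)__$")


def load_json_object(path: Path):
    """Parse a JSON file; return None if unreadable, corrupt, or not an object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None


def resolve_name(version_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving a __MSG_key__ placeholder via _locales."""
    name = str(manifest.get("name", ""))
    ref = MSG_REF.match(name)
    if not ref:
        return name
    locale_dir = version_dir / "_locales" / str(manifest.get("default_locale", "en"))
    messages = load_json_object(locale_dir / "messages.json") or {}
    # Chrome treats message keys as case-insensitive.
    for key, entry in messages.items():
        if key.lower() == ref.group(1).lower() and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name  # leave the placeholder visible rather than guess


def inventory_wallet_extensions(profile_dir) -> list:
    """List (extension_id, version, name) for installed wallets named in the article."""
    found = []
    for manifest_path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        manifest = load_json_object(manifest_path)
        if manifest is None:
            continue  # corrupt manifest: skip it, do not abort the audit
        name = resolve_name(manifest_path.parent, manifest)
        if any(w.lower() in name.lower() for w in WALLETS_NAMED_IN_ARTICLE):
            ext_id = manifest_path.parent.parent.name
            found.append((ext_id, str(manifest.get("version", "?")), name))
    return found


if __name__ == "__main__":
    print(inventory_wallet_extensions(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a profile directory (the folder that contains `Extensions`); an empty list means none of the four named wallets were found by name in that profile.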
Although StilachiRAT is not yet widespread, its advanced capabilities make it a serious risk for crypto holders. There are way more secure browsers to use other than Google Chrome. A lot of people are moving away from Microsoft products because of the constant security threats involving wallet extensions.
Here’s what Microsoft had to say about this threat back in November.
S Taylor is a crypto trader with five years of experience, having navigated a wide range of market dynamics and witnessed numerous scams firsthand. As a former victim of scams, S Taylor turned their focus to blockchain forensics and Solidity Smart Contract development, gaining deep technical expertise in the field. With a unique insider’s perspective, they’ve been involved in various crypto projects, where they’ve seen how developers can exploit vulnerable investors.
S Taylor is also the published author of Meme Coins Made Easy, a comprehensive guide that teaches beginners about cryptocurrency and how to identify and avoid common scams. S Taylor is dedicated to sharing valuable insights and helping the crypto community stay informed and safe.
Disclaimer: This article is for informational purposes only and should not be considered legal, tax, investment, or financial advice.