Advanced Malware Targets Cryptocurrency Wallets

25 Mar 2025

More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers.

The malware targets many widely used cryptocurrency wallet browser extensions:

  1. Bitget Wallet (formerly BitKeep)
  2. Trust Wallet
  3. TronLink
  4. MetaMask (Ethereum)
  5. TokenPocket
  6. BNB Chain Wallet
  7. OKX Wallet
  8. Sui Wallet
  9. Braavos – Starknet Wallet
  10. Coinbase Wallet
  11. Leap Cosmos Wallet
  12. Manta Wallet
  13. Keplr
  14. Phantom
  15. Compass Wallet for Sei
  16. Math Wallet
  17. Fractal Wallet
  18. Station Wallet
  19. ConfluxPortal
  20. Plug


If you use any of these Chrome wallet extensions, be very careful.
As I outlined in my 2025 Cybersecurity Predictions, I forecast an increased Nation State focus on the finance sector, with specific emphasis on cryptocurrency. This year we have already seen a ~$1.5 billion hack of the crypto exchange Bybit.

Microsoft’s full write-up, including Indicators of Compromise (IoC), can be found in their security analysis brief:
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
