Microsoft has issued an alert about a newly identified piece of malware, StilachiRAT, which quietly targets cryptocurrency wallets and extracts data from browsers such as Google Chrome.
In a report published on March 17, StilachiRAT is described as a remote access trojan (RAT) built to evade detection and exfiltrate sensitive data.
The malware poses a significant risk to cryptocurrency users. It scans Google Chrome's installed extensions for at least 20 different wallet extensions, including MetaMask, Trust Wallet, Phantom, Coinbase Wallet, BNB Chain Wallet and Bitget Wallet.
When it finds one, it can extract the stored credentials and configuration data, which may ultimately allow attackers to drain the victim's funds.
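The report does not list the extension identifiers the RAT looks for, so the practical question for a defender is simply whether a host carries any of the named wallets and is therefore in scope. The following script is an added example written for this article, not code from the StilachiRAT report or from Microsoft: it walks every profile under Chrome's "User Data" directory, reads each extension's manifest.json (resolving the `__MSG_key__` localization indirection that many extensions use for their name) and flags the ones whose name matches a wallet named above. The wallet name list, the 32-letter extension IDs and the sample manifests built by `build_sample_user_data()` are constructed for the example; a production hunt would key on real extension IDs rather than display names.

```python
"""Inventory cryptocurrency wallet extensions installed in Google Chrome.

Added example, not code from the StilachiRAT report: given Chrome's
"User Data" directory, walk every profile's Extensions folder, read each
extension's manifest.json and flag the ones whose name matches a wallet
named in the article. The wallet name list, the 32-letter extension IDs
and the manifests built by build_sample_user_data() are constructed for
this example (assumptions, not indicators from the report).
"""
import json
import os
import tempfile
from pathlib import Path

# Wallets named in the article, matched case-insensitively against the
# manifest "name". Assumption: name matching is good enough for an
# inventory; a production hunt would key on the extension ID instead.
WALLET_NAMES = ("metamask", "trust wallet", "phantom", "coinbase", "bnb chain", "bitget")


def default_user_data_dir() -> Path:
    """Chrome's per-user profile root on Windows, the platform the RAT targets."""
    return Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"


def read_manifest_name(manifest_path: Path) -> str:
    """Return an extension's display name, resolving the __MSG_key__
    localization indirection through _locales/<default_locale>/messages.json."""
    manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[len("__MSG_"):-2]
        locale = manifest.get("default_locale", "en")
        messages_path = manifest_path.parent / "_locales" / locale / "messages.json"
        if messages_path.is_file():
            messages = json.loads(messages_path.read_text(encoding="utf-8"))
            name = messages.get(key, {}).get("message", name)
    return name


def find_wallet_extensions(user_data_dir: Path) -> list:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json under every
    profile and return records for extensions whose name matches a wallet."""
    hits = []
    for manifest in user_data_dir.glob("*/Extensions/*/*/manifest.json"):
        try:
            name = read_manifest_name(manifest)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, keep sweeping
        if any(wallet in name.lower() for wallet in WALLET_NAMES):
            version_dir = manifest.parent
            hits.append({
                "profile": version_dir.parents[2].name,   # e.g. "Default", "Profile 1"
                "extension_id": version_dir.parent.name,
                "version": version_dir.name,
                "name": name,
            })
    return sorted(hits, key=lambda h: (h["profile"], h["extension_id"]))


def build_sample_user_data(root: Path) -> Path:
    """Construct a fake Chrome User Data tree so the demo runs offline."""
    def write(path: Path, text: str) -> None:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")

    ud = root / "User Data"
    ext = ud / "Default" / "Extensions"
    # wallet with a literal name (constructed ID)
    write(ext / ("a" * 32) / "12.0.1_0" / "manifest.json",
          json.dumps({"name": "MetaMask", "version": "12.0.1"}))
    # wallet with a localized name, in a second profile (constructed ID)
    loc = ud / "Profile 1" / "Extensions" / ("b" * 32) / "24.5.0_0"
    write(loc / "manifest.json", json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))
    write(loc / "_locales" / "en" / "messages.json", json.dumps({"appName": {"message": "Phantom"}}))
    # an unrelated extension and a corrupt manifest, both of which must be ignored
    write(ext / ("c" * 32) / "1.0_0" / "manifest.json", json.dumps({"name": "Some Ad Blocker"}))
    write(ext / ("d" * 32) / "2.0_0" / "manifest.json", "{not json")
    return ud


def demo() -> list:
    """Run the sweep over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_wallet_extensions(build_sample_user_data(Path(tmp)))


if __name__ == "__main__":
    real = default_user_data_dir()
    for hit in (find_wallet_extensions(real) if real.is_dir() else demo()):
        print(f"{hit['profile']}: {hit['name']} ({hit['extension_id']} v{hit['version']})")
```

Run on a Windows host it sweeps the live Chrome profile; anywhere else it falls back to the constructed sample tree, where only the MetaMask and Phantom entries are reported and the corrupt manifest is skipped without aborting the sweep.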
StilachiRAT also monitors the clipboard, looking for cryptocurrency keys and passwords the user may have copied, which puts digital assets directly at risk.
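Clipboard monitoring of this kind comes down to polling the clipboard and deciding which clips are worth keeping. The script below is an added example written for this article, not code from the StilachiRAT report: it shows the matching logic that a wallet-stealing RAT would apply to decide what to exfiltrate and that a DLP or EDR sensor can equally apply to alert when a seed phrase, private key or coin address lands on the clipboard. The regular expressions are heuristics chosen for the example (a full detector would validate mnemonic words against the BIP39 list and checksum), the sample clips are constructed, and the Windows clipboard read itself is omitted so the code runs offline.

```python
"""Flag clipboard contents that look like cryptocurrency secrets.

Added example, not code from the StilachiRAT report. The same matching
serves both sides: a wallet-stealing RAT runs it to decide which clips
to exfiltrate, and a DLP/EDR sensor runs it to alert when a seed phrase
or private key hits the clipboard. The patterns are heuristics chosen
for this example and the sample clips are constructed; reading the real
Windows clipboard is left out so the code runs offline anywhere.
"""
import re
from typing import List, Optional, Tuple

# Ordered so that the longer, more specific formats are tried first.
PATTERNS = [
    ("private_key_hex", re.compile(r"^(0x)?[0-9a-fA-F]{64}$")),             # raw 32-byte key
    ("private_key_wif", re.compile(r"^[5KL][1-9A-HJ-NP-Za-km-z]{50,51}$")),  # Bitcoin WIF key
    ("address_eth", re.compile(r"^0x[0-9a-fA-F]{40}$")),
    ("address_btc", re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$")),
]
SEED_WORD_COUNTS = {12, 15, 18, 21, 24}   # valid BIP39 mnemonic lengths
SEED_WORD = re.compile(r"^[a-z]{3,8}$")    # every BIP39 word is 3 to 8 lowercase letters


def classify(text: str) -> Optional[str]:
    """Return the kind of secret a clip resembles, or None for ordinary text."""
    clip = text.strip()
    for kind, pattern in PATTERNS:
        if pattern.match(clip):
            return kind
    words = clip.split()
    # Assumption: word count and shape are enough for a demo; a full
    # detector checks each word against the 2048-word BIP39 list and
    # verifies the mnemonic checksum to cut false positives.
    if len(words) in SEED_WORD_COUNTS and all(SEED_WORD.match(w) for w in words):
        return "seed_phrase"
    return None


def scan_clipboard_history(snapshots: List[str]) -> List[Tuple[int, str]]:
    """Classify successive clipboard snapshots, skipping unchanged clips the
    way a polling monitor would, and return (index, kind) for every hit."""
    hits, last = [], None
    for index, clip in enumerate(snapshots):
        if clip == last:
            continue          # nothing new on the clipboard since the last poll
        last = clip
        kind = classify(clip)
        if kind:
            hits.append((index, kind))
    return hits


# Constructed sample of what successive clipboard polls might return.
SAMPLE_CLIPS = [
    "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
    "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
    "meeting moved to 3pm",
    "0x0123456789abcdef0123456789abcdef01234567",
    "0x0123456789abcdef0123456789abcdef01234567",
    "0x" + "ab" * 32,
    "bc1" + "q" * 38,
]

if __name__ == "__main__":
    for index, kind in scan_clipboard_history(SAMPLE_CLIPS):
        print(f"clip #{index}: {kind}")
```

On the constructed history the repeated seed phrase and repeated address are each reported once, the meeting note is ignored, and the hex private key and bech32 address are flagged. Wiring this to a real monitor means replacing the `SAMPLE_CLIPS` list with a loop that reads the clipboard on a timer; the dedup step is what keeps such a loop from re-reporting the same clip every tick.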
The malware also lets attackers execute commands remotely, clear event logs and modify registry settings to maintain persistence. It employs anti-forensic techniques, such as detecting analysis tools and delaying execution, to evade security controls.
Another notable feature is system reconnaissance: StilachiRAT collects extensive details about the infected device, including operating system characteristics, hardware identifiers and running applications. It also monitors Remote Desktop Protocol (RDP) sessions, which could allow attackers to impersonate victims and move laterally across a network.
The threat actor behind the malware has not been identified, but the report emphasizes that its stealth and sophisticated evasion techniques make it a substantial risk.
Although it has not yet been observed in widespread distribution, users are urged to remain vigilant.
“Malware like StilachiRAT can be delivered through various methods; thus, it is essential to adopt security hardening measures to prevent initial infiltration,” the warning states.
Recommended measures include downloading software only from reputable sources, enabling real-time protection, turning on cloud-delivered protection and using SmartScreen to block malicious websites.
The cryptocurrency sector has long been a target of increasingly sophisticated malware and cyberattacks. From wallet-draining trojans to phishing campaigns, attackers continually adapt their tactics to exploit whatever weaknesses they find.
As previously reported, the $1.4 billion Bybit heist, the largest cryptocurrency theft to date, reportedly began with malware disguised as a bogus stock investment project.
Late last year, on-chain investigator Taylor Monahan warned of an elaborate social engineering campaign that delivered malware to victims' devices during a fake job interview process.