A prominent technology company has identified a new remote access trojan (RAT) that specifically targets cryptocurrencies held in 20 different wallet extensions for the Google Chrome browser.
The Incident Response Team noted in a blog post from March 17 that they first came across the malware, named StilachiRAT, last November. They found that it is capable of stealing data such as saved credentials, digital wallet information, and clipboard content.
Once StilachiRAT is deployed, attackers can use it to extract crypto wallet data by locating configuration details for 20 wallet extensions, which include Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.

“An examination of the WWStartupCtrl64.dll module associated with StilachiRAT revealed various techniques employed to extract information from targeted systems,” they explained.
In addition to its other functions, the malware can retrieve credentials saved in the Google Chrome local state file and observe clipboard activity for sensitive data like passwords and cryptocurrency keys.
The RAT also incorporates evasion tactics and anti-forensics capabilities, which include the ability to clear event logs and check for a sandbox environment to hinder analysis efforts.
Currently, the company is unable to identify the origins of the malware but hopes that sharing this information publicly will reduce the number of potential victims.
“At present, our visibility indicates that the malware is not widely distributed,” they noted.
“However, owing to its stealthy nature and the rapid evolution within the malware landscape, we are disclosing these findings as part of our ongoing initiative to monitor, analyze, and report on the shifting threat environment.”
To avoid falling victim to malware, the tech company recommends that users install antivirus software and use cloud-based components for anti-phishing and anti-malware protections on their devices.
In February alone, losses from cryptocurrency scams, exploits, and hacks reached nearly $1.53 billion, with the Bybit hack, totaling $1.4 billion, making up a significant portion of these losses, according to a blockchain security firm.
A blockchain analytics organization reported in its 2025 Crypto Crime Report that cryptocurrency crime has become professionalized, featuring AI-driven scams, stablecoin laundering, and organized cybercrime syndicates, which resulted in $51 billion in illicit transaction volume over the past year.