Microsoft Warns Windows Users About StilachiRAT Malware Targeting Cryptocurrency Wallets


Microsoft Incident Response researchers issued a new warning this Monday about a remote access trojan (RAT) that uses advanced techniques to steal data. The malware, named StilachiRAT by the company’s experts, can access information stored in browsers and targets digital wallets.

In a rush? Here are the quick facts:

  • Microsoft warns about StilachiRAT, a stealthy remote access trojan (RAT) that steals credentials and targets cryptocurrency wallets.
  • The malware exploits vulnerabilities in Google Chrome extensions to access sensitive financial data from 20 different digital wallets.
  • Microsoft urges users to enhance security by using trusted software sources and security tools.

According to the document shared by Microsoft, the research team identified the threat in November 2024. The researchers have not been able to attribute the malware to a specific geolocation or threat actor, but they analyzed the WWStartupCtrl64.dll module, which contains the RAT capabilities and the methods used to steal credentials and information.

“Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time,” states the document. “However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.”

Microsoft Incident Response revealed that the malware can be installed in multiple ways and noted Google Chrome as a vulnerable browser. The study shows that the malware scans 20 digital wallets added as cryptocurrency wallet extensions in Chrome—including Trust Wallet, MetaMask, Coinbase Wallet, BNB Chain Wallet, and more—to collect, monitor, and steal data.

The researchers also noted StilachiRAT’s sophisticated anti-forensic tactics—to evade detection and erase traces of malicious activities—as it clears event logs, detects analysis tools, and implements sandbox-evading behaviors.

As mitigation, Microsoft’s team recommends that users always download software from official websites or reputable sources, use browsers that support its SmartScreen security feature, such as Microsoft Edge, and turn on the Safe Attachments and Safe Links tools.

Users should take precautions without becoming alarmed. According to Forbes, this new report may be a bit “awkward” as there could be hidden business interests, and it may not be an independent report.

The publication points out that Microsoft has been campaigning more intensely this year to gain more users for its Edge browser, and this could be part of that strategy.

However, the threat of StilachiRAT remains real and worthy of attention, and the recommendations from Microsoft’s team are still of great value to netizens. Last year, other RATs were reported and identified across popular video-calling platforms such as Zoom, Skype, and Google Meet.
