Trojan Malware Hits Crypto Wallets: What MetaMask, Coinbase and Other Users Need to Know

Microsoft has issued a warning about a new Trojan malware, StilachiRAT, which targets cryptocurrency wallet extensions on the Google Chrome browser. Discovered by Microsoft’s Incident Response team in November 2024, StilachiRAT is capable of stealing sensitive information, such as stored browser credentials, digital wallet data, clipboard content, and system details.

The malware affects 20 different crypto wallet extensions, including  Bitget Wallet, Trust Wallet, TronLink, MetaMask, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, Braavos – Starknet Wallet, Coinbase Wallet, Leap Cosmos Wallet, Manta Wallet, Keplr, Phantom, Compass Wallet for Sei, Math Wallet, Fractal Wallet, Station Wallet, ConfluxPortal, and Plug. While the malware has not yet been widely distributed, it poses a serious threat due to its stealthy methods of operation.

What Users Should Do

If you use crypto wallet extensions on Google Chrome, it’s crucial to be cautious. Microsoft recommends checking your browser plugins, clearing your browser history, and running antivirus scans. Users should also avoid downloading any suspicious files and ensure they are taking the necessary steps to secure their wallets.

How StilachiRAT Works

StilachiRAT uses various techniques to avoid detection and persist within the target system. One of the malware’s components, WWStartupCtrl64.dll, is responsible for gathering sensitive information, such as credentials stored in browsers and crypto wallets, making it a serious threat for anyone using these wallet extensions.

• Also Read :
•   BitClout Founder Cleared in Multi-Million Crypto Fraud Scheme as DOJ and SEC Drop Charges
• ,

Microsoft has not yet identified the creators or origin of StilachiRAT, but has shared the findings as part of its ongoing efforts to monitor and address emerging cyber threats.

Protection Measures

Microsoft is providing mitigation guidance to help reduce the impact of StilachiRAT. The malware can be delivered through various vectors, so it is important to implement security measures to prevent compromise.