Tech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.
Microsoft’s Incident Response Team said in a March 17 blog post that it first discovered the malware StilachiRAT last November and found it can steal information such as credentials stored in the browser, digital wallet information and data stored in the clipboard.
After deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning device settings to see if any of the 20 crypto wallet extensions are installed, including Coinbase Wallet, Trust Wallet, MetaMask and OKX Wallet.
The malware StilachiRAT can target crypto held in 20 different wallet extensions. Source: Microsoft
“Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information