More

attacks targeting cryptocurrency users.  Microsoft

has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated

capabilities to remain stealthy and persistent so it can harvest crypto wallet

credentials via web browsers.

 

The

malware targets many widely used cryptocurrency wallet browser extensions:

1.       

Bitget Wallet (Formerly BitKeep)

2.       

Trust Wallet

3.       

TronLink

4.       

MetaMask (ethereum)

5.       

TokenPocket

6.       

BNB Chain Wallet

7.       

OKX Wallet

8.       

Sui Wallet

9.       

Braavos – Starknet Wallet

10.  

Coinbase Wallet

11.  

Leap Cosmos Wallet

12.  

Manta Wallet

13.  

Keplr

14.  

Phantom

15.  

Compass Wallet for Sei

16.  

Math Wallet

17.  

Fractal Wallet

18.  

Station Wallet

19.  

ConfluxPortal

20.  

Plug

If you

use any of these Chrome wallet extensions, be very careful.

As I

outlined in my 2025

Cybersecurity Predictions, I forecast an increased Nation State focus on

the finance sector, with specific emphasis on the cryptocurrency.  This year we have already seen a ~$1.5

billion hack of a crypto exchange Bybit. 

 

Microsoft’s

full write-up, including Indicators of Compromise (IoC) can be found in their

security analysis brief:

https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/

The post Advanced Malware Targets Cryptocurrency Wallets appeared first on Security Boulevard.

Matthew Rosenquist

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/03/advanced-malware-targets-cryptocurrency-wallets/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-malware-targets-cryptocurrency-wallets