Microsoft Security Team Reveals Details of StilachiRAT Cryptocurrency Theft Malware

  • 18.03.2025 10:20
  • blockonomi.com
  • Keywords: Malware, Cryptocurrency Theft

Microsoft identified a new malware named StilachiRAT targeting cryptocurrency users via Chrome extensions. The malware steals credentials, clipboard data, and evades detection using techniques like log clearing and random port usage.

Estimated market influence

  • Microsoft: Positive (analyst rating: Strong buy). Identified and reported the StilachiRAT malware to protect users.
  • Coinbase Wallet: Negative (analyst rating: N/A). Targeted by StilachiRAT malware for potential theft of crypto assets.
  • Trust Wallet: Negative (analyst rating: N/A). Targeted by StilachiRAT malware for potential theft of crypto assets.
  • MetaMask: Negative (analyst rating: N/A). Targeted by StilachiRAT malware for potential theft of crypto assets.
  • OKX Wallet: Negative (analyst rating: N/A). Targeted by StilachiRAT malware for potential theft of crypto assets.
  • CertiK: Neutral (analyst rating: N/A). Reported on cryptocurrency-related crime statistics.
  • Chainalysis: Neutral (analyst rating: N/A). Provided data on illicit transaction volumes in the crypto space.

Context

Analysis of Microsoft's Discovery of StilachiRAT Malware Targeting Cryptocurrency Users

Key Findings and Business Insights

  • Malware Overview:
    • Name: StilachiRAT (Remote Access Trojan).
    • Target: Chrome cryptocurrency wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.
    • Functionality: Steals browser credentials and clipboard data, and monitors RDP sessions.
  • Technical Capabilities:
    • Unique Device ID Creation: Derived from system serial numbers and the attacker's public RSA key.
    • Evasion Techniques: Clears event logs and detects test/analysis environments to avoid being analyzed.
    • Communication Channels: Uses TCP port 53, 443, or 16000 to reach its command-and-control server.
  • Command Set:
    • Supports 10 commands, including system shutdown, log clearing, and application launching.
    • Can suspend the system, modify Windows registry values, and monitor open windows.
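As an added defender-side example (not code from Microsoft's report or this article), the routine below triages constructed endpoint telemetry for the two observable behaviours listed above: outbound connections to port 53, 443 or 16000 from processes not expected to use that port, and Windows event-log clearing (Security log Event ID 1102, System log Event ID 104). The process allowlist, host names and sample events are assumptions made for the example.

```python
from collections import defaultdict

# Ports named in the report. 53 and 443 also carry normal traffic, so they
# only count when the originating process is not one expected on that port.
C2_PORTS = {53, 443, 16000}
EXPECTED_ON_PORT = {  # assumption: a site-specific allowlist, not from the report
    53: {"svchost.exe"},
    443: {"chrome.exe", "msedge.exe", "firefox.exe", "svchost.exe"},
    16000: set(),
}
LOG_CLEARED_EVENTS = {1102, 104}  # Security log cleared / System log cleared

def suspicious_connection(ev):
    """True for an outbound connection to a report port from an unexpected process."""
    port = ev.get("dst_port")
    if port not in C2_PORTS:
        return False
    return ev.get("image", "").lower() not in EXPECTED_ON_PORT[port]

def log_cleared(ev):
    return ev.get("event_id") in LOG_CLEARED_EVENTS

def triage(events, window_s=600):
    """Per host: (severity, suspicious connections, log clears); both signals within window_s -> 'high'."""
    by_host = defaultdict(lambda: {"conns": [], "clears": []})
    for ev in events:
        if ev["type"] == "net" and suspicious_connection(ev):
            by_host[ev["host"]]["conns"].append(ev["ts"])
        elif ev["type"] == "log" and log_cleared(ev):
            by_host[ev["host"]]["clears"].append(ev["ts"])
    findings = {}
    for host, f in by_host.items():
        correlated = any(abs(c - k) <= window_s for c in f["conns"] for k in f["clears"])
        sev = "high" if correlated else ("medium" if f["conns"] else "low")
        findings[host] = (sev, len(f["conns"]), len(f["clears"]))
    return findings

SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    {"type": "net", "host": "ws01", "ts": 1000, "image": "chrome.exe", "dst_port": 443},
    {"type": "net", "host": "ws01", "ts": 1010, "image": "svchost.exe", "dst_port": 53},
    {"type": "net", "host": "ws02", "ts": 2000, "image": "updater.exe", "dst_port": 16000},
    {"type": "log", "host": "ws02", "ts": 2200, "event_id": 1102},
    {"type": "net", "host": "ws03", "ts": 3000, "image": "notepad.exe", "dst_port": 53},
    {"type": "log", "host": "ws04", "ts": 4000, "event_id": 104},
]

if __name__ == "__main__":
    for host, (sev, c, k) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {sev} (suspicious connections={c}, log clears={k})")
```

Hosts whose traffic is fully explained by the allowlist (ws01) produce no finding; a log clear shortly after an unexplained connection (ws02) is the combination worth investigating first.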

Market Implications

  • Cryptocurrency Crime Landscape:
    • Rise in Crypto Crimes: February 2024 saw $1.53 billion lost to crypto scams and hacks.
    • Professionalization of Cybercrime: Blockchain analytics firm Chainalysis reported $51 billion in illicit crypto transactions in 2025.
  • Cybersecurity Industry:
    • Increased Demand for Protection: Highlights the need for advanced threat detection and response solutions, especially for cryptocurrency platforms.
    • Focus on User Education: Emphasizes downloading software only from trusted sources and using browsers with SmartScreen protection enabled.

Competitive Dynamics

  • Threat Actor Evolution:
    • Malware developers are adopting sophisticated techniques (e.g., AI-driven scams, stablecoin laundering) to target cryptocurrency users.
    • This underscores the need for cybersecurity firms to innovate rapidly to counter evolving threats.

Strategic Considerations

  • Organizational Measures:
    • Protection Recommendations: Enable antivirus software, cloud-based anti-phishing tools, and Office 365 features like Safe Links/Safe Attachments.
    • Security Hardening: Implement measures to prevent initial compromise and reduce threat impact.

Long-Term Effects and Regulatory Implications

  • Potential Future Threats:
    • The emergence of StilachiRAT indicates a trend toward specialized malware targeting cryptocurrency users, necessitating proactive security strategies.
    • Regulatory bodies may impose stricter guidelines on crypto platforms to enhance user protection and transaction security.
  • Regulatory Focus:
    • Expect increased scrutiny of cryptocurrency exchanges and wallet providers to ensure compliance with cybersecurity standards and consumer protection laws.