More
attacks targeting cryptocurrency users. Microsoft
has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated
capabilities to remain stealthy and persistent so it can harvest crypto wallet
credentials via web browsers.
The
malware targets many widely used cryptocurrency wallet browser extensions:
1.
Bitget Wallet (Formerly BitKeep)
2.
Trust Wallet
3.
TronLink
4.
MetaMask (ethereum)
5.
TokenPocket
6.
BNB Chain Wallet
7.
OKX Wallet
8.
Sui Wallet
9.
Braavos Starknet Wallet
10.
Coinbase Wallet
11.
Leap Cosmos Wallet
12.
Manta Wallet
13.
Keplr
14.
Phantom
15.
Compass Wallet for Sei
16.
Math Wallet
17.
Fractal Wallet
18.
Station Wallet
19.
ConfluxPortal
20.
Plug
If you
use any of these Chrome wallet extensions, be very careful.
As I
outlined in my 2025
Cybersecurity Predictions, I forecast an increased Nation State focus on
the finance sector, with specific emphasis on the cryptocurrency. This year we have already seen a ~$1.5
billion hack of a crypto exchange Bybit.
Microsoft’s
full write-up, including Indicators of Compromise (IoC) can be found in their
security analysis brief: www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/03/advanced-malware-targets-cryptocurrency-wallets/
