New StilachiRAT Virus Threatens Your Crypto Wallets, Warns Microsoft
Microsoft has discovered a remote access Trojan (RAT), StilachiRAT, specifically designed to steal sensitive information, including crypto wallet data.
Microsoft first uncovered the StilachiRAT Trojan in November 2024, months before its capabilities became widely known. This malware is designed to harvest confidential system data, including OS specifications, hardware IDs, and active remote desktop connections.
The Trojan’s most critical module, WWStartupCtrl64.dll, powers its primary attack mechanisms. StilachiRAT is capable of extracting stored passwords from Google Chrome, monitoring clipboard content for cryptographic keys, and analyzing installed extensions related to cryptocurrency security.
StilachiRAT is particularly dangerous as it specifically targets twenty of the most popular browser-based cryptocurrency wallets, including MetaMask, Trust Wallet, OKX Wallet, Coinbase Wallet, and others. The Trojan also scans the registry for valuable data. Once the necessary information is found, it collects data that could lead to digital asset theft or bank account breaches.
The StilachiRAT Trojan uses TCP ports 53, 443, and 16000 to connect with its control servers, granting attackers remote access to compromised systems. This allows them to issue commands, modify processes, and even reboot devices. StilachiRAT employs complex evasion tactics, such as connection delays and anti-forensic techniques, which make detection and analysis significantly more challenging.
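The ports named above can be turned into a simple triage rule for outbound connection logs. The following is an added example, not code from Microsoft or from the original article: it flags TCP traffic to port 16000 and TCP/53 traffic that does not go to a sanctioned DNS resolver, and treats 443 only as supporting context. The log format, resolver address, hostnames and process names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Ports the article attributes to StilachiRAT command-and-control traffic.
C2_PORTS = {53, 443, 16000}
# Assumption: the organisation's sanctioned DNS resolvers (constructed address).
RESOLVERS = {"10.0.0.53"}

# Constructed sample log: time,host,process,proto,dst_ip,dst_port
SAMPLE_LOG = """\
2025-03-18T09:00:01,ws-01,chrome.exe,tcp,93.184.216.34,443
2025-03-18T09:00:02,ws-01,svchost.exe,udp,10.0.0.53,53
2025-03-18T09:00:05,ws-02,helper.exe,tcp,203.0.113.7,16000
2025-03-18T09:00:09,ws-02,helper.exe,tcp,203.0.113.7,443
2025-03-18T09:01:30,ws-03,updater.exe,tcp,198.51.100.9,53
2025-03-18T09:02:00,ws-03,svchost.exe,tcp,10.0.0.53,53
"""

def suspicious_ports(rows):
    """Return {(host, process): sorted article ports seen over TCP} for every
    process that made at least one connection that is unusual on its own."""
    seen = defaultdict(set)     # every article port the process used over TCP
    unusual = defaultdict(set)  # ports that justify an alert by themselves
    for r in rows:
        port = int(r["dst_port"])
        if r["proto"].lower() != "tcp" or port not in C2_PORTS:
            continue
        key = (r["host"], r["process"])
        seen[key].add(port)
        if port == 16000 or (port == 53 and r["dst_ip"] not in RESOLVERS):
            unusual[key].add(port)
    # 443 is too common to alert on; it is reported only as context.
    return {k: sorted(seen[k]) for k in unusual}

def triage(log_text):
    fields = ["time", "host", "process", "proto", "dst_ip", "dst_port"]
    rows = csv.DictReader(io.StringIO(log_text), fieldnames=fields)
    findings = []
    for (host, proc), ports in sorted(suspicious_ports(rows).items()):
        # Several article ports from one process, or port 16000, rank higher.
        severity = "high" if len(ports) > 1 or 16000 in ports else "medium"
        findings.append((host, proc, ports, severity))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from this rule is a lead for investigation, not proof of infection, since other software can legitimately use these ports.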
How to Protect Yourself from StilachiRAT
According to Microsoft, StilachiRAT is not widely distributed at the moment, but its stealth capabilities and the rapidly evolving threat landscape call for greater attention from users.
The primary security measures to adopt are:
- Ensuring antivirus software is up to date;
- Enabling real-time protection features;
- Using modern tools designed to block potentially unwanted programs.
“Malware like StilachiRAT can be installed through multiple vectors; therefore, it is critical to implement security hardening measures to prevent the initial compromise,” says the company’s official blog.
To secure cryptocurrency assets, experts recommend using wallets equipped with multi-factor authentication, keeping software up-to-date, and relying on hardware devices.
In February 2025, cyberattacks led to $1.53 billion in losses within the cryptocurrency industry. This reinforces the need for a comprehensive security approach to mitigate future risks.
Microsoft has promised to keep a close watch on the evolving StilachiRAT Trojan, continually refining its detection tools. The release of technical data about the malware is designed to help cybersecurity experts detect attacks more rapidly and limit the damage caused. Sharing threat intelligence is a critical weapon in the fight against viruses, and Microsoft is leading the charge.