Microsoft security researchers have discovered a sophisticated new malware that targets cryptocurrency wallet users, putting digital assets at serious risk. Dubbed “StilachiRAT,” this remote access trojan threatens users of 20 popular cryptocurrency wallets, including industry giants like MetaMask and Coinbase Wallet.

The malware, first identified in November 2024, employs advanced techniques to remain hidden while stealing sensitive wallet information and browser credentials. Though not yet widely distributed, the threat’s stealthy nature and unknown origin have prompted Microsoft to issue urgent warnings to the crypto community.

StilachiRAT specifically targets Chrome extension wallets, with high-profile names like Phantom, OKX Wallet, and BNB Chain Wallet among its potential victims. The malware’s sophisticated design allows it to evade typical security measures while exfiltrating valuable user data.

“Due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” Microsoft’s Incident Response team explained in their report.

While researchers continue investigating the source of this threat, Microsoft has provided mitigation guidelines for potential targets, including recommendations to install robust antivirus software as a protective measure.

The discovery highlights the ongoing security challenges facing cryptocurrency users and underscores the importance of maintaining vigilant security practices when managing digital assets.