Microsoft security researchers have identified a new malware threat targeting popular crypto wallet extensions including MetaMask and Phantom.
The StilachiRAT remote access trojan was first discovered in November 2024 and has since been analyzed in depth, revealing the scope of the threat; in particular, it can target cryptocurrency wallets.
MetaMask, Coinbase, Phantom, Keplr and others could be at risk, as the RAT is able to scan for cryptocurrency wallet extensions in the Google Chrome browser. It can then extract and decrypt saved credentials to obtain usernames and passwords.
The information-gathering RAT continuously monitors clipboard content, actively hunting for sensitive information such as cryptocurrency keys and passwords.
The researchers shared examples of the regular expressions the RAT uses to scan clipboard contents for credentials, noting that they're seeking information related to the Tron network—which is particularly popular in China.
Microsoft says that StilachiRAT targets specific wallets including: Bitget Wallet, Trust Wallet, TronLink, MetaMask, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, Braavos - Starknet Wallet, Coinbase Wallet, Leap Cosmos Wallet, Manta Wallet, Keplr, Phantom, Compass Wallet for Sei, Math Wallet, Fractal Wallet, Station Wallet, ConfluxPortal, and Plug.
Aaron Walton, Threat Intel Analyst at Expel, told Decrypt: "Infostealing malware leverages social engineering to trick users into downloading and executing malicious code. These lures range from a download, to a job offer, or even a fake captcha that interrupts a user while web browsing.
"There is big money to be made and the tactics criminals are using can bypass basic security and even business level defenses."
StilachiRAT also exhibits anti-forensic behaviors, including clearing event logs, and takes steps to evade detection.
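The log-clearing behavior described above is something defenders can watch for directly, because Windows records the act of clearing a log as its own event. The following Python is an added example, not code from the article or from Microsoft's report. It assumes events have already been parsed into simple records (the sample records below are constructed for the demo) and relies on two documented Windows event IDs: 1102 in the Security channel ("The audit log was cleared") and 104 in the System channel ("The System log file was cleared"), both written by the Microsoft-Windows-Eventlog provider. The clustering rule (several channels cleared by one account within a short window) is a detection heuristic chosen for this example, not something the article specifies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Documented Windows event IDs that record a log being cleared.
# Security 1102 = "The audit log was cleared"; System 104 = "The System log file was cleared".
LOG_CLEAR_EVENTS = {
    ("Security", 1102): "Security (audit) log cleared",
    ("System", 104): "System log cleared",
}
# Both clear events are written by this provider; other providers reusing the
# same numeric IDs (e.g. an application's own event 1102) are not log clears.
EVENTLOG_PROVIDER = "Microsoft-Windows-Eventlog"


@dataclass(frozen=True)
class WinEvent:
    """Minimal view of a Windows event record (assumed shape for this example)."""
    time: datetime
    channel: str      # log name: Security, System, Application, ...
    provider: str     # event source / provider name
    event_id: int
    user: str         # account recorded in the event's subject/user field


def is_log_clear(ev: WinEvent) -> bool:
    """True only for a genuine log-clear event: right provider AND right (channel, id) pair."""
    return ev.provider == EVENTLOG_PROVIDER and (ev.channel, ev.event_id) in LOG_CLEAR_EVENTS


def find_log_clears(events):
    """Return every log-clear event, oldest first."""
    return sorted((ev for ev in events if is_log_clear(ev)), key=lambda e: e.time)


def clustered_clears(events, window=timedelta(minutes=10)):
    """Flag an account that clears more than one log channel within `window`.

    Wiping Security and System back to back is the anti-forensic pattern worth
    alerting on; a single isolated clear is still reported by find_log_clears()
    but is left at lower priority. Returns (user, first_channel, second_channel, seconds).
    """
    by_user = {}
    for ev in find_log_clears(events):
        by_user.setdefault(ev.user, []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            for second in evs[i + 1:]:
                gap = second.time - first.time
                if second.channel != first.channel and gap <= window:
                    alerts.append((user, first.channel, second.channel, int(gap.total_seconds())))
    return alerts


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample records: one benign logon (Security 4624), a two-channel
# wipe by "alice" three seconds apart, an isolated System clear by an admin,
# and an application event that merely reuses the number 1102.
SAMPLE_EVENTS = [
    WinEvent(_t("2025-03-10T09:00:00"), "Security", "Microsoft-Windows-Security-Auditing", 4624, "WORKSTATION\\alice"),
    WinEvent(_t("2025-03-10T09:01:12"), "System", EVENTLOG_PROVIDER, 104, "WORKSTATION\\alice"),
    WinEvent(_t("2025-03-10T09:01:15"), "Security", EVENTLOG_PROVIDER, 1102, "WORKSTATION\\alice"),
    WinEvent(_t("2025-03-11T17:30:00"), "System", EVENTLOG_PROVIDER, 104, "WORKSTATION\\sysadmin"),
    WinEvent(_t("2025-03-11T17:31:00"), "Application", "SomeApp", 1102, "WORKSTATION\\bob"),
]

if __name__ == "__main__":
    for ev in find_log_clears(SAMPLE_EVENTS):
        print(f"{ev.time.isoformat()} {ev.user}: {LOG_CLEAR_EVENTS[(ev.channel, ev.event_id)]}")
    for user, a, b, secs in clustered_clears(SAMPLE_EVENTS):
        print(f"ALERT: {user} cleared {a} and {b} within {secs}s")
```

In a real deployment the records would come from an event forwarder or SIEM rather than an inline list, and the isolated clear by the admin account would be cross-checked against change tickets; the point of the provider check is that matching on the bare event number alone produces false positives from unrelated applications.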
The Microsoft Incident Response team says: "Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time. However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape."
Edited by Stacy Elliott.
Disclaimer: This article represents only the personal views of the author and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice of any kind to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes any rights, please send the relevant proof of rights and proof of identity by e-mail to support@aicoin.com, and the platform's staff will verify the claim.