Key Takeaways
Microsoft has flagged a newly discovered trojan capable of targeting some of the most popular cryptocurrency wallet extensions, potentially putting millions of users at risk.
This marks the latest evolution in cyber threats targeting crypto users, building on previous malware campaigns designed to steal digital assets directly from unsuspecting victims.
According to Microsoft, StilachiRAT scans for configuration data belonging to more than 20 Chrome extension crypto wallets, including MetaMask, Bitget, Trust, TronLink, BNB Chain, OKX, Sui, Manta, and Phantom.
Once installed, StilachiRAT also extracts and decrypts credentials saved in Google Chrome, giving the operators what they need to access victims' wallet and exchange accounts and drain funds.
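A defender's first question is which hosts actually have one of the named wallet extensions installed, since those are the profiles whose configuration data StilachiRAT goes looking for. The script below is an added example written for this page, not code from the article or from Microsoft's report. It walks a Chrome profile's `Extensions/<id>/<version>/manifest.json` tree, resolves Chrome's `__MSG_key__` localised names through `_locales/<default_locale>/messages.json`, and reports extensions whose name matches one of the wallets listed above. The sample profile it builds is constructed for the demonstration: the extension IDs are placeholders, not the real IDs of any wallet, and the match list is only the names given on this page.

```python
import json
import re
import tempfile
from pathlib import Path

# Wallet extension names taken from the list above (not a complete list of the 20+ targets).
WALLET_NAMES = ["MetaMask", "Bitget", "Trust", "TronLink", "BNB Chain",
                "OKX", "Sui", "Manta", "Phantom"]

# Word-boundary matching so "Trust" does not flag a "Trusted Sites Helper" extension
# and "Sui" does not flag a "Suite" extension.
_WALLET_RE = re.compile(r"\b(" + "|".join(re.escape(n) for n in WALLET_NAMES) + r")\b", re.I)
_MSG_RE = re.compile(r"^__MSG_(\w+)__$")


def resolve_name(manifest: dict, version_dir: Path) -> str:
    """Return the human-readable extension name, resolving a __MSG_key__ reference
    via _locales/<default_locale>/messages.json the way Chrome does."""
    name = manifest.get("name", "")
    m = _MSG_RE.match(name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    msg_file = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(msg_file.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return name  # unresolved placeholder is still better than nothing
    return messages.get(m.group(1), {}).get("message", name)


def inventory_wallets(profile_dir) -> list:
    """Return [(extension_id, name), ...] for installed extensions whose name matches
    a wallet in WALLET_NAMES. profile_dir is a Chrome profile directory such as
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default on Windows."""
    found = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return found
    for ext_id_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_id_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except ValueError:
                continue  # corrupt or non-JSON manifest: skip, do not crash the sweep
            name = resolve_name(manifest, version_dir)
            if _WALLET_RE.search(name):
                found.append((ext_id_dir.name, name))
    return found


def build_sample_profile(root) -> Path:
    """Constructed fake profile for offline demonstration. The 32-char IDs are
    placeholders in Chrome's a-p alphabet, NOT real wallet extension IDs."""
    profile = Path(root) / "Default"
    samples = [
        # localised name, resolved through _locales/en/messages.json
        ("abcdefghijklmnopabcdefghijklmnop", "12.0.1",
         {"name": "__MSG_appName__", "default_locale": "en", "manifest_version": 3},
         {"appName": {"message": "MetaMask"}}),
        # plain name
        ("bcdefghijklmnopabcdefghijklmnopa", "1.4.0",
         {"name": "Phantom", "manifest_version": 3}, None),
        # near-miss that must NOT be flagged
        ("cdefghijklmnopabcdefghijklmnopab", "3.2.0",
         {"name": "Trusted Sites Helper", "manifest_version": 3}, None),
    ]
    for ext_id, version, manifest, messages in samples:
        vdir = profile / "Extensions" / ext_id / version
        vdir.mkdir(parents=True, exist_ok=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages is not None:
            ldir = vdir / "_locales" / "en"
            ldir.mkdir(parents=True, exist_ok=True)
            (ldir / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    return profile


def demo() -> list:
    """Build the constructed profile in a temp dir and run the inventory over it."""
    return inventory_wallets(build_sample_profile(tempfile.mkdtemp()))


if __name__ == "__main__":
    for ext_id, name in demo():
        print(f"{ext_id}  {name}")
```

Point it at real profiles (every `Profile N` directory under `User Data`, not just `Default`) and feed the output into your asset inventory; a host that reports a wallet extension is one where Chrome's credential store and the extension's local storage are worth the extra monitoring the rest of this article argues for.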
Microsoft’s Incident Response Team discovered the malware during an investigation into recent cyberattacks on crypto users.
While Microsoft has yet to identify the actors behind StilachiRAT, researchers warn that its capabilities make it particularly dangerous. The trojan gathers extensive system data, including:
These functionalities allow the malware to profile and compromise target systems efficiently.
Microsoft previously uncovered a similar remote access trojan (RAT) in November 2024, designed to steal digital wallet data and browser-stored credentials.
The newer StilachiRAT variant, however, appears to be more advanced, with improved stealth and a broader set of wallets and data targeted.
Though not yet widely distributed, Microsoft cautions that the malware’s effectiveness makes it a potentially serious threat to crypto holders and traders.
To reduce the risk of infection, Microsoft advised crypto wallet users to stay vigilant and to take basic security precautions.
The company recommended downloading software only from official sources, using browsers with built-in security features, and being cautious of phishing links.
It also recommended enabling two-factor authentication (2FA) to help prevent unauthorized access even if login credentials are stolen. Note that 2FA protects accounts that have a login, such as exchanges and custodial services; a non-custodial extension wallet whose locally stored secret material is taken has no second factor to fall back on, so for those wallets the practical defence is keeping signing keys off the browser host, for example on a hardware wallet.