Meet the Top 101 in Crypto
News
2 min read

Microsoft Flags New Threat Draining Crypto From MetaMask, Bitget and Other Top Wallets

Published 18 March 2025
Prashant Jha
Authors
Edited by Insha Zia

Key Takeaways

  • Microsoft has flagged a remote access trojan (RAT) capable of stealing funds from major crypto wallets.
  • The malware extracts sensitive data from browsers, clipboards, and other applications.
  • While not yet widely deployed, Microsoft warns users to be cautious of phishing links and suspicious downloads.

Microsoft has flagged a newly discovered trojan capable of targeting some of the most popular cryptocurrency wallet extensions, potentially putting millions of users at risk.

This marks the latest evolution in cyber threats targeting crypto users, building on previous malware campaigns designed to steal digital assets directly from unsuspecting victims.

You May Also Like

Microsoft Uncovers Advanced Trojan

According to Microsoft, StilachiRAT malware scans for configuration data from more than 20 different Chrome-based crypto wallets, including MetaMask, Bitget, Trust, TronLink, BNB Chain, OKX, Sui, Manta, and Phantom.

Once installed, StilachiRAT extracts and decrypts stored credentials from Google Chrome, allowing hackers to gain access to users’ wallets and steal funds.

Microsoft’s Incident Response Team discovered the malware during an investigation into recent cyberattacks on crypto users.

A Sophisticated Threat With Unclear Origins

While Microsoft has yet to identify the actors behind StilachiRAT, researchers warn that its capabilities make it particularly dangerous. The trojan gathers extensive system data, including:

  • Operating system details.
  • Hardware identifiers.
  • Clipboard contents.
  • Browser credentials.
  • Active remote desktop protocol (RDP) sessions.

These functionalities allow the malware to profile and compromise target systems efficiently.

Microsoft previously uncovered a similar remote trojan in November 2024, designed to steal digital wallet data and browser-stored credentials.

However, the new StilachiRAT variant appears to be even more advanced, with improved stealth and a broader attack surface.

Though not yet widely distributed, Microsoft cautions that the malware’s effectiveness makes it a potentially serious threat to crypto holders and traders.

Microsoft Urges Caution

To mitigate the risk of infection, Microsoft advised crypto wallet users to stay vigilant, urging them to take security precautions.

The tech giant recommended downloading software only from official sources, using browsers with built-in security features, and being cautious of phishing links.

Additionally, the company insisted that two-factor authentication (2FA) be enabled to help prevent unauthorized access, even if login credentials are compromised.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status