A New Crypto Threat Targeting Chrome Users on Windows and macOS
Today, we’re sounding the alarm on StilachiRAT, a sophisticated remote access trojan (RAT) recently uncovered by Microsoft. This malware is targeting cryptocurrency users by exploiting Google Chrome browser extensions, putting over 20 popular wallets—including MetaMask, Trust Wallet, Coinbase Wallet, and TronLink—at risk.
First identified in November 2024 on Windows systems, StilachiRAT has since shown potential to threaten macOS users as well, leveraging Chrome vulnerabilities across platforms. While not yet widespread, its advanced stealth tactics and ability to steal private keys, credentials, and clipboard data make it a critical concern for all crypto holders. Here’s what you need to know—and how to protect yourself.
How StilachiRAT Works
StilachiRAT infiltrates systems to:
- Steal Wallet Data: It scans for configuration details of 20+ Chrome-based crypto wallet extensions, extracting sensitive info to drain funds.
- Monitor Clipboards: The malware watches for copied private keys or passwords, snagging them in real time.
- Harvest Credentials: It decrypts and steals login details stored in Chrome, giving attackers broader access.
- Evade Detection: With anti-forensic tricks like clearing event logs and delaying activation, StilachiRAT hides from traditional security tools.
StilachiRAT was originally tied to a Windows-specific module (WWStartupCtrl64.dll), but recent analysis suggests macOS users aren’t immune. Chrome’s cross-platform nature means similar vulnerabilities could be exploited, making this a universal threat for crypto enthusiasts.
The Risk to Crypto Users
The crypto space is no stranger to cyberattacks, with losses topping $1.5 billion in February 2025 alone (CertiK). StilachiRAT’s focus on browser-based wallets amplifies the danger—especially for users who store keys in software rather than secure hardware solutions. Whether you’re on Windows or macOS, if you use Chrome extensions for your wallets, you’re a potential target.
How to Stay Safe
Don’t let StilachiRAT catch you off guard. Take these steps now:
1. Audit Your Extensions: Verify every Chrome extension—remove anything untrusted or unnecessary.
2. Update Everything: Keep Chrome, Windows, macOS, and antivirus software current to patch vulnerabilities.
3. Switch to Hardware Wallets: Move your private keys offline with a hardware wallet for maximum security.
4. Scan Your System: Use up-to-date antivirus tools (e.g., Microsoft Defender, Malwarebytes) to detect and eliminate threats.
5. Avoid Clipboard Risks: Don’t copy-paste sensitive data—StilachiRAT is watching.
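To make step 1 concrete, here is an added example (not from the original post or from Microsoft's analysis) that lists every extension installed in each Chrome profile, with the permissions it requests, so you can review anything you don't recognize. It assumes Chrome's default profile locations; the `allowlist` parameter and the `SENSITIVE` permission set are illustrative choices, and the script inventories extensions rather than detecting StilachiRAT itself.

```python
import json, os, sys
from pathlib import Path

# Permissions worth a second look during review (editor's selection, not exhaustive).
SENSITIVE = {"clipboardRead", "clipboardWrite", "nativeMessaging", "debugger",
             "cookies", "webRequest", "<all_urls>"}
BROAD_HOSTS = {"*://*/*", "http://*/*", "https://*/*"}

def chrome_user_data_dir():
    """Default Chrome 'User Data' directory for the current OS."""
    if sys.platform == "win32":
        return Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    if sys.platform == "darwin":
        return Path.home() / "Library" / "Application Support" / "Google" / "Chrome"
    return Path.home() / ".config" / "google-chrome"

def audit_extensions(user_data, allowlist=frozenset()):
    """Return one record per installed extension version found under user_data."""
    findings = []
    # Layout: <User Data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for manifest in sorted(Path(user_data).glob("*/Extensions/*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        profile = manifest.parents[3].name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # An unreadable or malformed manifest is itself a reason to review.
            findings.append({"profile": profile, "id": ext_id, "name": "<unreadable manifest>",
                             "version": "?", "sensitive": [], "allowed": False})
            continue
        perms = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            perms.update(p for p in (data.get(key) or []) if isinstance(p, str))
        findings.append({
            "profile": profile, "id": ext_id,
            "name": data.get("name", "?"),  # may be a __MSG_*__ locale placeholder
            "version": data.get("version", "?"),
            "sensitive": sorted(perms & (SENSITIVE | BROAD_HOSTS)),
            "allowed": ext_id in allowlist,
        })
    return findings

if __name__ == "__main__":
    for f in audit_extensions(chrome_user_data_dir()):
        mark = "ok    " if f["allowed"] else "REVIEW"
        print(f'{mark} {f["profile"]:<12} {f["id"]} {f["name"]} {f["version"]} {f["sensitive"]}')
```

Compare each reported ID against the wallet's official Chrome Web Store listing before adding it to your allowlist.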
Stay vigilant, stay secure. #BlockchainSecurity #CryptoSafety #StilachiRAT