{"id":125283,"date":"2025-03-18T06:19:50","date_gmt":"2025-03-18T06:19:50","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=125283"},"modified":"2025-03-18T06:19:50","modified_gmt":"2025-03-18T06:19:50","slug":"microsoft-warns-of-new-remote-access-trojan-targeting-crypto-wallets","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=125283","title":{"rendered":"Microsoft warns of new remote access trojan targeting crypto wallets"},"content":{"rendered":"<p>Source: Cointelegraph.com NewsTech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.\u00a0<br \/>\nMicrosoft\u2019s Incident Response Team said in a March 17 blog post that it first discovered the malware StilachiRAT last November and found it can steal information such as credentials stored in the browser, digital wallet information and data stored in the clipboard.\u00a0<br \/>\nAfter deployment, the bad actors can use StilachiRAT to siphon crypto wallet data by scanning for the configuration information for 20 crypto wallet extensions, including Coinbase Wallet, Trust Wallet, MetaMask and OKX Wallet.\u00a0<br \/>\nThe malware StilachiRAT can target crypto held in 20 different wallet extensions. Source: Microsoft\u201cAnalysis of the StilachiRAT\u2019s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system,\u201d Microsoft said.\u00a0<br \/>\nAmong its other capabilities, the malware can extract credentials saved in the Google Chrome local state file and monitor clipboard activity for sensitive information like passwords and crypto keys.\u00a0<br \/>\nIt can also use detection evasion and anti-forensics features, like the ability to clear event logs and check for signs it\u2019s running in a sandbox to block analysis attempts, according to Microsoft.<br \/>\nAt the moment, the tech giant says it can\u2019t pinpoint who is behind the malware but hopes that publicly sharing information will lower the number of people who might be snared.\u00a0<br \/>\nRelated: New MassJacker malware targets piracy users, steals crypto<br \/>\n\u201cBased on Microsoft\u2019s current visibility, the malware does not exhibit widespread distribution at this time,\u201d Microsoft said.\u00a0<br \/>\n\u201cHowever, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.\u201d<br \/>\nMicrosoft suggests to avoid falling prey to malware; users should have antivirus software, cloud-based anti-phishing and anti-malware components on their devices.\u00a0<br \/>\nLosses to crypto scams, exploits and hacks totaled nearly $1.53 billion in February, with the $1.4 billion Bybit hack accounting for the lion\u2019s share of losses, according to blockchain security firm CertiK.<br \/>\nBlockchain analytics firm Chainalysis said in its 2025 Crypto Crime Report that crypto crime has entered a professionalized era dominated by AI-driven scams, stablecoin laundering, and efficient cyber syndicates, with the past year witnessing $51 billion in illicit transaction volume.\u00a0<br \/>\nMagazine: Ridiculous \u2018Chinese Mint\u2019 crypto scam, Japan dives into stablecoins: Asia Express<a href=\"https:\/\/cointelegraph.com\/news\/microsoft-new-remote-access-trojan-rat-targets-digital-wallets?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com NewsTech giant Microsoft has discovered a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser.\u00a0 Microsoft\u2019s Incident Response&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/125283"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=125283"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/125283\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=125283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=125283"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=125283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}