Microsoft has warned about a new Trojan StilachiRAT that attacks crypto wallets through Google Chrome extensions. The malware targets 20 popular wallets, including MetaMask, Trust Wallet, Coinbase Wallet, and others, stealing passwords, keys, and other data. The Trojan uses the WWStartupCtrl64.dll module and has stealth features, making it difficult to detect. Microsoft urges users to be careful and use antivirus software for protection.

The full list of its targets includes: Bitget Wallet, Trust Wallet, TronLink, MetaMask, TokenPocket, BNB Chain Wallet, OKX Wallet, Sui Wallet, Braavos – Starknet Wallet, Coinbase Wallet, Leap Cosmos Wallet, Manta Wallet, Keplr, Phantom, Compass Wallet for Sei, Math Wallet, Fractal Wallet, Station Wallet, ConfluxPortal, and Plug.

While StilachiRAT has not yet become widespread, its potential is alarming. Already in February 2025, losses from crypto attacks reached $1.53 billion, and this Trojan may become a new tool in the hands of attackers. Microsoft has published information about the Trojan to help users protect their assets.

To protect yourself, Microsoft recommends installing antivirus programs and using cloud tools to combat phishing and malware. This is especially important for those who actively use crypto wallets and store significant amounts of Bitcoin or Ethereum.