Microsoft Warns of StilachiRAT: New Malware Threatening Cryptocurrency Wallets with Advanced Evasion Tactics
March 17, 2025
Microsoft researchers have issued a warning about a new malware named StilachiRAT, which is a remote access trojan capable of stealing sensitive user information from cryptocurrency wallets and web browsers.
Discovered in November 2024, StilachiRAT has not yet been widely distributed, but its capabilities pose a significant threat to users of popular cryptocurrency wallets like Coinbase and MetaMask.
The malware communicates with remote command-and-control servers using TCP ports 53, 443, or 16000, allowing for command execution and data exfiltration.
StilachiRAT employs anti-forensic tactics to evade detection, including clearing event logs and obfuscating its activity, making it difficult for security analysts to trace.
To maintain persistence on infected systems, StilachiRAT manipulates Windows services and utilizes watchdog threads to recreate its binaries if removed.
Attackers leveraging StilachiRAT can execute remote commands and drain victims' cryptocurrency funds, gaining control over infected devices.
The 2025 Crypto Crime Report highlights that illicit cryptocurrency transactions have surged, with estimates reaching between $40 billion and $51 billion annually, indicating a growing trend in cybercrime.
Despite its capabilities, Microsoft has not identified a specific threat actor behind StilachiRAT, which operates through a DLL module named 'WWStartupCtrl64.dll'.
To protect against StilachiRAT, Microsoft recommends users download software from official sources, enable real-time protection in Microsoft Defender, and utilize security software to block malicious domains.
Additional protective measures include enabling multi-factor authentication and regularly updating software to minimize risks associated with this malware.
Microsoft is committed to reducing the impact of threats like StilachiRAT by providing organizations with detection, prevention, and mitigation strategies.
The report emphasizes the stealth capabilities of StilachiRAT and the rapidly evolving threat landscape targeting cryptocurrency users.
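A triage sketch built on the indicators named in this summary (the DLL name and the three TCP ports), added here as an example and not taken from Microsoft's report: it correlates module loads with outbound TCP connections over constructed telemetry. The event field names, the DLL path, the resolver address and the internal network range are assumptions.

```python
import ipaddress
import ntpath

# Indicators stated in the summary above.
DLL_NAME = "wwstartupctrl64.dll"
C2_TCP_PORTS = {53, 443, 16000}

# Assumptions about the monitored site (hypothetical values).
DNS_RESOLVERS = {"10.0.0.53"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample telemetry; field names and the DLL path are hypothetical.
SAMPLE_EVENTS = [
    {"type": "net", "host": "ws-01", "pid": 412, "proto": "tcp", "dst_ip": "203.0.113.20", "dst_port": 16000},
    {"type": "image_load", "host": "ws-01", "pid": 412, "path": r"C:\Example\WWStartupCtrl64.dll"},
    {"type": "net", "host": "ws-02", "pid": 900, "proto": "tcp", "dst_ip": "198.51.100.7", "dst_port": 53},
    {"type": "net", "host": "ws-02", "pid": 900, "proto": "tcp", "dst_ip": "10.0.0.53", "dst_port": 53},
    {"type": "net", "host": "ws-03", "pid": 77, "proto": "tcp", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"type": "net", "host": "ws-03", "pid": 77, "proto": "udp", "dst_ip": "198.51.100.7", "dst_port": 53},
    {"type": "net", "host": "ws-04", "pid": 5, "proto": "tcp", "dst_ip": "10.1.2.3", "dst_port": 16000},
]

def triage(events, resolvers=DNS_RESOLVERS, internal=INTERNAL_NET):
    """Return sorted (severity, host, pid, reason) tuples worth an analyst's time."""
    # Pass 1: processes that loaded the named DLL (events may arrive out of order).
    loaders = {(e["host"], e["pid"]) for e in events
               if e["type"] == "image_load"
               and ntpath.basename(e["path"]).lower() == DLL_NAME}
    findings = {("high", h, p, "loaded " + DLL_NAME) for h, p in loaders}
    # Pass 2: outbound TCP. TCP/443 alone is too common to flag, so it only
    # counts when the connecting process also loaded the DLL.
    for e in events:
        if e["type"] != "net" or e["proto"] != "tcp":
            continue
        who, port = (e["host"], e["pid"]), e["dst_port"]
        external = ipaddress.ip_address(e["dst_ip"]) not in internal
        if who in loaders and port in C2_TCP_PORTS:
            findings.add(("high", *who, f"DLL loader connected to {e['dst_ip']}:{port}"))
        elif port == 53 and e["dst_ip"] not in resolvers:
            findings.add(("review", *who, f"TCP/53 to non-resolver {e['dst_ip']}"))
        elif port == 16000 and external:
            findings.add(("review", *who, f"TCP/16000 to external {e['dst_ip']}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```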
Summary based on 11 sources
Sources

Microsoft Security Blog • Mar 17, 2025
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
TechRadar Pro • Mar 18, 2025
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
BleepingComputer • Mar 17, 2025
Microsoft: New RAT malware used for crypto theft, reconnaissance
CoinDesk • Mar 18, 2025
Coinbase (COIN), MetaMask Wallets at Risk of Malware, Says Microsoft