
Microsoft has identified a new remote access trojan (RAT) designed to steal users' cryptocurrency by targeting digital wallet extensions on Google Chrome.
The malware, dubbed StilachiRAT, has been under investigation since November 2024, and security experts warn that it poses a significant threat to crypto holders.
How StilachiRAT works
According to Microsoft's Incident Response team, StilachiRAT can extract credentials stored in the browser, scan devices for cryptocurrency wallet extensions, and intercept sensitive information such as private keys and passwords.
The malware has been found to specifically target at least 20 cryptocurrency wallets, including Bitget Wallet (formerly BitKeep), Trust Wallet, Coinbase, MetaMask, TronLink and OKX Wallet. Once deployed, it can steal stored digital assets by accessing clipboard data and extracting private credentials.
Microsoft's research indicates that StilachiRAT operates stealthily, using various evasion techniques to avoid detection. The malware is installed via a compromised library file, wwstartupctrl64.dll, which executes remote commands to manipulate infected systems.
Once active, it scans the device for cryptocurrency wallet extensions and extracts saved credentials from Google Chrome's local state files. A key feature of the malware is its ability to monitor clipboard activity, which means that if users copy and paste wallet addresses or passwords, StilachiRAT can capture this information and redirect it to the attacker.
Microsoft also noted that the trojan includes anti-forensic capabilities, such as clearing event logs and detecting sandbox environments to avoid being analyzed by cybersecurity researchers.
Microsoft's response and security recommendations
So far, Microsoft has not attributed the attack to any specific hacker group, but it warned that because of the nature of the malware ecosystem, StilachiRAT could evolve quickly. In a blog post, the company said:
Based on Microsoft's current visibility, the malware does not have widespread distribution at the moment. However, due to its stealth capabilities and rapid changes within the malware ecosystem, we are sharing these findings as part of our continuous efforts to monitor, analyze and report on the evolving threat landscape.
Microsoft advises users to take precautionary measures to avoid falling victim to StilachiRAT and similar threats. The company recommends installing antivirus software, enabling cloud-based anti-phishing and anti-malware protection, and ensuring that all browser extensions come from trusted sources.
Users should also be careful when copying and pasting wallet addresses and passwords, because malware like StilachiRAT specifically harvests clipboard data.
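One way to act on the extension advice above, as an added example that is not from Microsoft or the original article: a Python audit that reads each manifest under a Chrome profile's Extensions folder and flags extensions that lack the Chrome Web Store update URL or request clipboard permissions. The folder layout, the store-URL heuristic and the sample extension names and IDs are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# Update URL carried by manifests of extensions published through the Chrome
# Web Store (heuristic: self-hosted or sideloaded packages differ or omit it).
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
CLIPBOARD_PERMS = {"clipboardRead", "clipboardWrite"}


def audit_extensions(profile_dir):
    """Return one finding per <profile>/Extensions/<id>/<version>/manifest.json."""
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = manifest_path.parts[-3]
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            # Report unreadable or malformed manifests instead of skipping them.
            findings.append({"id": ext_id, "name": None,
                             "reasons": ["unreadable manifest"]})
            continue
        reasons = []
        if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
            reasons.append("not installed from Chrome Web Store")
        declared = (manifest.get("permissions", [])
                    + manifest.get("optional_permissions", []))
        clip = sorted({p for p in declared if isinstance(p, str)} & CLIPBOARD_PERMS)
        if clip:
            reasons.append("clipboard access: " + ", ".join(clip))
        findings.append({"id": ext_id, "name": manifest.get("name"),
                         "reasons": reasons})
    return findings


def build_sample_profile(root):
    """Constructed sample data: two fake extensions with made-up IDs."""
    samples = {
        "a" * 32: {"name": "Sample Wallet", "update_url": WEB_STORE_UPDATE_URL,
                   "permissions": ["storage"]},
        "b" * 32: {"name": "Sideloaded Helper", "permissions": ["clipboardRead"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / "Extensions" / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest),
                                                   encoding="utf-8")
    return root
```

Point `audit_extensions` at a real profile directory to review a host; extensions loaded unpacked in developer mode are stored outside the Extensions folder and are not covered by this check.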
With security risks growing in the crypto space, Microsoft's warning highlights the importance of remaining vigilant against cyberthreats. As hackers develop more advanced techniques to compromise digital wallets, investors and everyday users must take proactive measures to secure their assets.