Microsoft Raises Alarm of Malware Targeting Coinbase, MetaMask Wallets

Tech giant Microsoft shared a new report warning of malware that targets 20 of the most popular cryptocurrency wallets used with the Google Chrome extension.

Microsoft’s Incident Response researchers raised alarms of a new remote access trojan (RAT), dubbed StilachiRAT, which could deploy “sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” the team shared in a blog post.

According to the team, the malware was discovered in November 2024, and it could steal users' wallet information, and any credentials, including usernames and passwords, stored in their Google Chrome browser. StilachiRAT targets 20 crypto wallets including some of the most widely-used ones like MetaMask, Coinbase Wallet, Phantom, OKX Wallet, and BNB Chain Wallet.

While the malware has not been distributed widely, Microsoft did share that it has not been able to identify what entity is behind the threat and laid out some mitigation guidelines for current targets including installing antivirus software.

“Due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” the team wrote.

Read more: Microsoft Shareholders Vote Down Bitcoin Treasury Proposal