Share this article
Microsoft Raises Alarm of Malware Targeting Coinbase, MetaMask Wallets
A new report from Microsoft researchers warned of malware that could steal and decrypt users’ information from 20 of some of the most popular cryptocurrency wallets.
Updated Mar 18, 2025, 6:34 p.m. Published Mar 18, 2025, 3:05 p.m.
What to know:
- Tech giant Microsoft shared a new report warning of malware that targets 20 of the most popular cryptocurrency wallets used with the Google Chrome extension.
- The malware, dubbed StilachiRAT, could deploy “sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data."
- While the malware has not been distributed widely, Microsoft did share that it has not been able to identify what entity is behind the threat.
Tech giant Microsoft shared a new report warning of malware that targets 20 of the most popular cryptocurrency wallets used with the Google Chrome extension.
STORY CONTINUES BELOW
Microsoft’s Incident Response researchers raised alarms of a new remote access trojan (RAT), dubbed StilachiRAT, which could deploy “sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” the team shared in a blog post.
According to the team, the malware was discovered in November 2024, and it could steal users' wallet information, and any credentials, including usernames and passwords, stored in their Google Chrome browser. StilachiRAT targets 20 crypto wallets including some of the most widely-used ones like MetaMask, Coinbase Wallet, Phantom, OKX Wallet, and BNB Chain Wallet.
While the malware has not been distributed widely, Microsoft did share that it has not been able to identify what entity is behind the threat and laid out some mitigation guidelines for current targets including installing antivirus software.
“Due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape,” the team wrote.
Read more: Microsoft Shareholders Vote Down Bitcoin Treasury Proposal
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Coinbase Expands Reach of Stablecoin-Based AI Agent Payments Tool
The updated protocol, x402 V2, allows developers to combine payments, enable secure wallet access, and add new features via a clean, modular design.
What to know:
- Coinbase has released the latest version of its stablecoin-based payments protocol for AI agents, making it easier to extend and plug in the autonomous payments system.
- The new version adds wallet-based identity, automatic API discovery, dynamic payment recipients, and support for more chains and fiat.
Top Stories
