Crypto Wallet Exploit affecting Windows users on Chrome

Microsoft has identified a sophisticated remote access trojan (RAT) named StilachiRAT that targets cryptocurrency wallet extensions in the Google Chrome browser for Windows users, including MetaMask, Coinbase Wallet, Trust Wallet, OKX Wallet, BNB Chain Wallet, Phantom, and others. This malware is designed to steal sensitive information such as credentials stored in the browser, digital wallet details, clipboard data, and comprehensive system information. To ensure you are not affected, everyone should check this out.

Steps to Check Your Chrome Extensions:

  1. Open Chrome Browser
  2. Type chrome://extensions into the address bar and press Enter.
  3. Locate the wallet extension and check that the extension ID matches my attached screenshot, which means you are safe


18 Likes
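The ID check in step 3 can also be run against the profile folder on disk, shown here as an added example that is not part of the original post. It assumes Chrome's default Windows data location, where each extension's folder name is the same ID that chrome://extensions shows; the function names are hypothetical and `EXPECTED_IDS` holds a constructed placeholder, not a real wallet ID.

```python
import json
import os
from pathlib import Path

# Constructed placeholder, NOT a real extension ID: replace with the ID shown
# on the wallet's official store listing (assumption: you look it up yourself).
EXPECTED_IDS = {"ExampleWallet": "aaaabbbbccccddddeeeeffffgggghhhh"}

def display_name(version_dir):
    """Return the extension name, resolving Chrome's __MSG_key__ localization."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        msg_file = version_dir / "_locales" / locale / "messages.json"
        if msg_file.is_file():
            messages = json.loads(msg_file.read_text(encoding="utf-8-sig"))
            for k, v in messages.items():
                if k.lower() == key:
                    return v.get("message", name)
    return name

def inventory(profile_dir):
    """Map extension ID (the folder name) to display name for one profile."""
    found = {}
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return found
    for ext_dir in (d for d in ext_root.iterdir() if d.is_dir()):
        versions = [v for v in ext_dir.iterdir() if (v / "manifest.json").is_file()]
        if versions:  # use the most recently written version folder
            newest = max(versions, key=lambda v: v.stat().st_mtime)
            found[ext_dir.name] = display_name(newest)
    return found

def review(found, expected=EXPECTED_IDS):
    """List extensions that carry a wallet's name but not its expected ID."""
    return sorted((ext_id, name) for ext_id, name in found.items()
                  for wallet, good_id in expected.items()
                  if wallet.lower() in name.lower() and ext_id != good_id)

if __name__ == "__main__":
    # Default Chrome data location on Windows; other profiles sit beside "Default".
    base = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    for profile in sorted(p.parent for p in base.glob("*/Extensions")):
        found = inventory(profile)
        for ext_id, name in sorted(found.items()):
            print(f"{profile.name}\t{ext_id}\t{name}")
        for ext_id, name in review(found):
            print(f"REVIEW {profile.name}: {name!r} has unexpected ID {ext_id}")
```
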

:thankyou:

Thanks so much!

Omniwallet is not affected right?

Not to my knowledge

1 Like

This would include Brave, wouldn’t it? It’s based on Chrome

And just wait for the exploit to be included in other extensions

Brave is based off Chromium/Chrome so potentially yes. Turn developer mode on and verify it looks like this

2 Likes

This is not completely on topic but I have a question about Metamask installed in Firefox browser. I have an error problem: Page settings blocked execution of embedded script, after running Firefox in troubleshooting mode it may be necessary to remove extensions including Metamask wallet and refresh Firefox, I would like to make sure that reinstalling Metamask will not cause problems with performance, wallet funds and wallet usage?

The MetaMask wallet extension installed in my Firefox causes problems with the operation of some pages, e.g. a problem with the login panel of a banking program or problems with the operation of charts in another banking program, also the search results in DuckDuckGo do not show up, after disabling the MM extension everything works normally.

After running the console, warnings appear on problem pages, e.g.
Content-Security-Policy: Ignoring ''unsafe-inline'' in script-src: specified nonce-source’ or hash-source'.

and errors e.g.
Content-Security-Policy: Page settings blocked the execution of the embedded script (script-src-elem) because it violates the following directive: „script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-bW96LWV4dGVuc2lvbjovL2JiOWRkMTYyLWFiNzUtNDkxMy1iMjMzLTA4NTRkYTYzOWM5Mi8='”

There are currently no newer versions of MM or Firefox. Do you have any tips on what can be done about this? Have you obtained any information about similar problems with MetaMask?

@Profess I had the same issue:

I just updated MetaMask, there is new version available. Just remember to backup your seed phrase, and info about created accounts.

2 Likes

I checked yesterday and there was no update available for MetaMask… It turned out that a fix had been introduced, I didn’t have to update because I have version 12.12.1, once I re-enabled the MetaMask extension and restarted Firefox the problem would go away.

1 Like

I have noticed sometimes Brave has had issues (non Autonomi related though) with using MM for some sites, when I run into that issue I use Chrome. Maybe try using Chrome over Firefox?

1 Like

Thank you for your reply, a fix has already been made to MM and at the moment the problem has disappeared, hopefully permanently.