- CrystalX RAT provides advanced remote access and data theft
- It includes prankware features to attract novice hackers
- Promoted through Telegram and YouTube subscription campaigns
Security researchers are warning about a new malware service offered on the dark web. Apart from advanced and highly disruptive capabilities, it also enables various annoying pranks.
Cybersecurity experts at Kaspersky have detailed the CrystalX RAT, a new malware-as-a-service (MaaS) offering similar to the popular WebRAT.
“CrystalX RAT represents a highly functional MaaS platform that is not limited to espionage capabilities – spyware, keylogging and remote control – but includes unique stealth and prankware features,” the researchers explained. “Combined with the growing PR campaign of the CrystalX RAT, it can be concluded that the number of victims may increase significantly in the near future.”
PR campaign
The tool has a lot to offer. For remote access and system management, it enables command execution, arbitrary file download/upload, file system browsing, real-time machine control, and forced system shutdown.
For data theft, it allows keylogging, clipboard hacking, browser data theft, and desktop application data theft (Steam, Discord, Telegram).
Finally, for surveillance, it allows video recording with the camera, and audio recording with the microphone.
At the same time, it can be seen as prankware too. There are a few annoying features thrown into the mix, such as the ability to change the desktop background image, rotate the display to various angles, display a fake notification, change the cursor position, hide the desktop icons, the taskbar, the Task Manager, and the Command Prompt executable, and remap the mouse.
Finally, it provides an attacker-victim chat window, which allows attackers to tease, taunt, threaten, or demand money from their victims.
The PR campaign that Kaspersky is talking about is a series of well-planned campaigns on different channels designed to attract potential buyers, as CrystalX RAT works on a tiered subscription model. Unfortunately, there’s no word on how much the subscription costs. We only know that there are many categories on offer.
The main channel for promotions and subscriptions is Telegram, a popular instant chat platform. However, the MaaS is also being promoted on YouTube using a dedicated marketing channel that showcases its unique features and capabilities.
In addition, Kaspersky says that the prankware features are also, in a sense, a PR stunt, since such an offer will probably stand out in the sea of various malware-as-a-service solutions.
Designed for noobs, aimed at Russians
According to Kaspersky, CrystalX RAT is designed especially for script kiddies and newbie hackers, hence the aggressive social and prankware features. However, it has a few advanced tools as well, which seem to be heavily adapted from WebRAT.
These include a detailed user panel, various customization options, and anti-analysis features. Some of its prominent features include geoblocking, customization, anti-debugging, VM detection, and more.
Right now, it’s hard to say how many people have fallen victim to the CrystalX RAT, or how they picked it up in the first place. It’s possible that a social engineering campaign is in play, including things like fake software cracks, missing premium services, launchers, and the like. The victims are mostly located in Russia, and according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting a large number of victims.”
“Such a diverse feature set effectively allows 360-degree flattery of the victim and complete loss of privacy. Without access to account details, stolen data can be used for fraud,” he said. “We expect the number of victims to increase significantly and the geographical spread to increase in the near future.”




