- CrystalX RAT offers advanced remote access and data theft
- Includes prank features to attract novice hackers
- Promoted via Telegram and YouTube subscription campaigns
Security researchers are warning about a new malware service offered on the dark web which, in addition to advanced and highly disruptive features, also enables various pranks and annoyances.
Cybersecurity experts Kaspersky have detailed CrystalX RAT, a new malware-as-a-service (MaaS) offering rather similar to the popular WebRAT.
“CrystalX RAT represents a highly functional MaaS platform that is not limited to espionage capabilities – spyware, keylogging and remote control – but includes unique theft and prank capabilities,” the researchers explained. “In combination with the growing PR campaign for CrystalX RAT, we can conclude that the number of victims could increase significantly in the near future.”
Public relations campaign
This tool has a lot to offer: for remote access and system control, it allows command execution, arbitrary file upload/download, file system navigation, real-time machine control, and forced system shutdown.
For data theft, it allows keylogging, clipboard hijacking, browser data theft, and desktop app data theft (Steam, Discord, Telegram).
Finally, for surveillance, it allows video capture via the camera, as well as audio capture via the microphone.
At the same time, it can also be considered a prank tool. A handful of disruptive features are thrown into the mix, such as the ability to change the desktop wallpaper, rotate the display to different orientations, display fake notifications, change cursor position, hide desktop icons, taskbar, task manager, and command prompt executable, and remap the mouse.
Finally, it provides a chat window between attacker and victim, allowing attackers to tease, taunt, threaten or demand money from their victims.
The PR campaign mentioned by Kaspersky is a series of fairly organized campaigns across different channels, designed to attract potential buyers, since CrystalX RAT operates on a tiered subscription model. Unfortunately, it is not known how much a subscription costs. We only know that there are several levels offered.
The main channel for promotions and subscriptions is Telegram, the famous instant chat platform. However, the MaaS is also promoted on YouTube through a dedicated marketing channel that demonstrates its various features and capabilities.
Additionally, Kaspersky claims that the malware’s features are also, in some sense, a publicity stunt, since such an offering will most likely stand out in a sea of various malware-as-a-service solutions.
Designed for noobs, targets Russians
According to Kaspersky, CrystalX RAT is designed primarily for script kiddies and beginner hackers, hence the aggressive social push and prank features. However, it also has a handful of advanced tools, most of which seem to be carried over from WebRAT.
These include a detailed user panel, various customization options, as well as anti-scan features. Some of its notable features include geo-blocking, executable customization, anti-debugging, virtual machine detection, and more.
At this time, it is difficult to say how many people have fallen victim to CrystalX RAT, or how they initially detected it. It is likely that a social engineering campaign is at play, including things like fake cracked software, non-existent premium services, activators, etc. Victims are primarily in Russia, and according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting dozens of victims.”
“Such a diverse feature set effectively enables 360-degree victim compromise and complete loss of privacy. Beyond access to account credentials, stolen data could potentially be used for blackmail,” he said. “We expect the number of casualties to increase significantly and its geographic distribution to expand in the near future.”





