- CrystalX RAT offers advanced remote access and data theft.
- Includes prank features to attract novice hackers.
- Promoted through Telegram and YouTube subscription campaigns.
Security researchers are warning of a new malware service being offered on the dark web that, in addition to advanced and highly disruptive capabilities, also enables various pranks and annoyances.
Researchers at cybersecurity firm Kaspersky have detailed CrystalX RAT, a new malware-as-a-service (MaaS) offering quite similar to the popular WebRAT.
“CrystalX RAT represents a highly functional MaaS platform that is not limited to spy capabilities (spyware, keylogging and remote control) but includes unique thief and prank functions,” the researchers explained. “Combined with the growing PR campaign for CrystalX RAT, it can be concluded that the number of victims may increase significantly in the near future.”
Public relations campaign
This tool has a lot to offer: for remote access and system control, it allows command execution, arbitrary file download/upload, file system browsing, real-time machine control, and forced system shutdown.
For data theft, it allows keylogging, clipboard theft, browser data theft, and theft of data from desktop applications (Steam, Discord, Telegram).
Finally, for surveillance, it allows video capture through the camera, as well as audio capture through the microphone.
At the same time, it also works as a prank tool. There are a handful of disruptive features thrown into the mix, such as the ability to change desktop backgrounds, rotate the screen to various angles, display fake notifications, change the cursor position, hide desktop icons, the taskbar, Task Manager, and the Command Prompt executable, and remap the mouse.
Finally, it provides a chat window between attacker and victim, allowing attackers to taunt, threaten, or demand money from their victims.
The PR campaign that Kaspersky mentions is a series of fairly organized campaigns on different channels designed to attract potential buyers, as CrystalX RAT works on a tiered subscription model. Unfortunately, it is not known how much a subscription costs. We only know that several levels are offered.
The main channel for promotions and subscriptions is Telegram, the famous instant chat platform. However, the MaaS is also promoted on YouTube through a dedicated marketing channel that demonstrates its different features and capabilities.
Additionally, Kaspersky maintains that the software's prank features are also, in a sense, a public relations stunt, since such an offering will likely stand out in a sea of various malware-as-a-service solutions.
Designed for newbies, targets Russians
According to Kaspersky, CrystalX RAT is designed primarily for script kiddies and novice hackers, hence the aggressive promotion on social channels and the prank features. However, it also has a handful of advanced tools, which seem to mostly come from WebRAT.
These include a detailed user panel, various customization options, and anti-analysis features. Some of its notable features include geo-blocking, executable customization, anti-debugging, VM detection, and more.
At this time, it is difficult to say how many people have fallen victim to CrystalX RAT or how they were initially infected. A social engineering campaign is likely at play, including things like fake software cracks, non-existent premium services, activators, and the like. The victims are predominantly located in Russia and, according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting dozens of victims.”
“Such a diverse feature set effectively allows for a 360-degree compromise of the victim and a complete loss of privacy. Beyond gaining access to account credentials, the stolen data could potentially be used for blackmail,” he said. “We expect the number of victims to grow significantly and its geographic extent to expand in the near future.”





