The recently discovered CrystalX RAT malware is ‘trolling’ its victims

Cybersecurity researchers have found a new malware threat called CrystalX RAT, which is circulating on private hacker chats and forums.

What makes CrystalX RAT different from other malware?

It is an all-in-one hacker tool that includes data theft and spy capabilities. In addition, perhaps just in time for April Fools’ Day, the CrystalX RAT also has a unique “prankware” ability that can prank and troll its victims in real time.

On April 1, researchers with cybersecurity company Kaspersky’s Global Research & Analysis Team (GReAT) published a new report on a malware strain they discovered in March called CrystalX RAT.

The team found evidence of this new malware dating back to January, and it was being offered to the hacker community as a MaaS, or Malware-as-a-Service tool. This means that the developers of CrystalX RAT were offering the malware to bad actors with little technical knowledge as a paid subscription service.

RAT stands for Remote Access Trojan and is a very dangerous type of malware that gives attackers complete remote access to a target computer or mobile device.

However, what caught the eye of Kaspersky researchers about CrystalX RAT was its “wider arsenal of capabilities” compared to other similar types of malware.

When a target downloads the CrystalX RAT malware onto their device, it gives the attacker a wealth of data-stealing capabilities and spyware functionality. CrystalX RAT includes a stealer, which collects system information and extracts private credentials from platforms such as Telegram, Discord, Steam, and Chromium-based browsers such as Google Chrome. In addition, the attacker can remotely monitor and control the infected device.

CrystalX RAT also includes a keylogger, which records every keystroke by the victim, and a clipper, which changes the contents of the victim’s clipboard. An attacker can use the clipper to perform actions such as replacing a crypto wallet address that the target is about to paste.

However, what really sets CrystalX RAT apart from other malware is its prankware toolset, which can be used to mock the victim from within their device.

According to Kaspersky, CrystalX RAT comes with a panel titled “Rofl,” which includes different ways an attacker can remotely prank a target through their infected computer.

Using the CrystalX RAT, a hacker can remotely change the victim’s desktop background to any image they like or rotate their computer’s screen display, for example.

An attacker can also swap mouse buttons, disable computer peripherals such as a monitor or keyboard, or hide desktop icons. CrystalX RAT also provides the ability to completely shut down or reboot an infected device remotely. In addition, the victim can receive custom notifications created by the attacker, who can even send messages through a pop-up chat window.

While these may seem like silly pranks, as Kaspersky points out, they add a psychologically distressing element for the target, who is already a victim of a cyberattack.

“Such a versatile feature effectively allows a 360-degree compromise of the victim and a complete loss of privacy,” Kaspersky senior security researcher Leonid Bezvershenko said in a statement. “Without access to account credentials, stolen data can be used for fraud.”

CrystalX RAT is just one of a number of complex malware threats to appear in the last few months. Cybersecurity experts urge users to be cautious when encountering unknown files online and to stick to downloads from legitimate, trusted sources.
