Malware, Data Security, Threat Intelligence

CrystalRAT malware-as-a-service offers remote access and prankware features

Laptop screen showing malware warning sign with digital circuit background on desk in modern office environment with natural light and creative concept.

As reported by Bleeping Computer, a new malware-as-a-service (MaaS) named CrystalRAT has emerged, actively promoted on platforms like Telegram and YouTube. This MaaS offers a range of malicious capabilities, including remote access, data theft, keylogging, and clipboard hijacking, alongside a unique set of prankware features.

CrystalRAT, which first appeared in January, operates on a tiered subscription model and shares significant similarities with the WebRAT (Salat Stealer) malware, according to Kaspersky researchers. It features a user-friendly control panel and an automated builder that allows customization of payloads, including geoblocking and anti-analysis techniques. The malware targets Chromium-based browsers, Yandex, and Opera, and also collects data from desktop applications like Steam, Discord, and Telegram. Its remote access module enables command execution, file transfer, and real-time control via VNC.

Notably, CrystalRAT includes prankware functionalities such as changing desktop wallpaper, altering display orientation, forcing system shutdowns, and disabling input devices, which may serve to distract victims.

Source: Bleeping Computer

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds