Kaspersky Unveils CrystalX RAT: Data-Stealing Trojan with Disturbing Prank Features

KHADAMATY-NEW

Kaspersky has uncovered a new remote access trojan (RAT) named CrystalX, capable of stealing sensitive data and conducting full-scale surveillance on infected devices, while also executing disruptive and psychologically unsettling pranks. The malware combines stealer, keylogger, clipper, and spyware functionalities and is marketed as Malware-as-a-Service (MaaS) via platforms like YouTube and Telegram, increasing the likelihood of use by less-skilled cybercriminals

CrystalX RAT collects system information, account credentials for Steam, Discord, and Telegram, as well as browser data. It also targets cryptocurrency users through a browser-based clipper that replaces wallet addresses. Beyond data theft, the trojan can capture screenshots, record audio, and stream video from both the webcam and the victim’s screen

Notably, CrystalX RAT includes prankware features, allowing attackers to visibly manipulate the victim’s device: shaking the mouse cursor, changing wallpapers, flipping screen orientation, hiding desktop icons, forcing shutdowns, and sending real-time pop-up messages. These actions introduce a disruptive psychological dimension to the attack

Currently, attacks are concentrated in Russia, but its distribution model could enable a wider international spread. Kaspersky advises users to avoid suspicious files and links, download software only from official sources, maintain strong security solutions such as Kaspersky Premium, and enable file extensions in Windows to detect malicious files

For a full report on CrystalX RAT and indicators of compromise, visit Securelist.com

This alert underscores the critical need for vigilance and digital privacy protection against evolving cyber threats