CrystalX RAT is a significant threat that not only invades a device but also plays pranks on the victim. Discovered within private hacker groups, it stands out due to its combination of data-stealing and spyware features. Uniquely, it also includes “prankware” capabilities, allowing attackers to mock targets in real-time, making it particularly timely around April Fools’ Day.
On April 1, Kaspersky’s Global Research & Analysis Team revealed a report on this malware, initially discovered in March, with traces dating back to January. Offered as a Malware-as-a-Service (MaaS), CrystalX RAT enables a comprehensive compromise of victims’ devices, from stealing data to real-time pranking.
CrystalX RAT can collect system information and extract credentials from Telegram, Discord, Steam, and Chromium-based browsers. It has a keylogger to record keystrokes and a clipper to manipulate clipboard content, useful for crypto wallet address alteration.
Its prankware toolset features a “Rofl” panel, allowing hackers to change desktop backgrounds, rotate screens, switch mouse buttons, disconnect peripherals, hide icons, shut down or restart devices, and send custom pop-up messages. These pranks add a psychological dimension to the attack.
Leonid Bezvershenko of Kaspersky emphasized the full-scale privacy compromise and potential blackmail opportunities. CrystalX RAT is among various evolved malware attacks prompting cybersecurity experts to advise caution with unknown files and to trust only official download sources.