This new 'laughing rat' malware will steal your data and hack your systems — and then laugh at you while doing it

  • CrystalX RAT offers advanced remote access and data theft
  • Includes prankware features to attract novice hackers
  • Promoted via Telegram and YouTube subscription campaigns

Security researchers are warning about a new malware service being offered on the dark web which, aside from advanced and highly disruptive capabilities, also enables various pranks and annoyances.

Cybersecurity experts Kaspersky have detailed CrystalX RAT, a new malware-as-a-service (MaaS) offering rather similar to the popular WebRAT.

“CrystalX RAT represents a highly functional MaaS platform that is not limited to espionage capabilities – spyware, keylogging and remote control – but includes unique stealer and prankware features,” the researchers explained. “Combined with the growing PR campaign for CrystalX RAT, it can be concluded that the number of victims can increase significantly in the near future.”

PR campaign

This tool has a lot to offer. For remote access and system control, it enables command execution, arbitrary file download/upload, file system browsing, real-time machine control, and forced system shutdown.

For data theft and infostealing, it enables keylogging, clipboard jacking, browser data theft, and desktop app data theft (Steam, Discord, Telegram).

Finally, for surveillance, it enables video capture through the camera, as well as audio capture through the microphone.

At the same time, it can also be seen as prankware. There are a handful of disruptive features thrown into the mix, such as the ability to change desktop wallpapers, alter display orientation to various angles, show fake notifications, change the cursor position, hide desktop icons, the taskbar, Task Manager, and the Command Prompt executable, and remap the mouse.

Finally, it provides an attacker-victim chat window, allowing the attackers to tease, taunt, threaten, or demand money from their victims.

The PR campaign Kaspersky mentions is a series of fairly organized campaigns across different channels, designed to entice potential buyers, since CrystalX RAT works on a tiered subscription model. Unfortunately, there was no word on how much a subscription costs. We only know that there are multiple tiers on offer.

The primary channel for promotions and subscriptions is Telegram, the famed instant chat platform. However, the MaaS is also being promoted on YouTube via a dedicated marketing channel which demonstrates its different features and capabilities.

Furthermore, Kaspersky argues that the prankware features are also, in a sense, a PR stunt, since such an offering will most likely stand out in a sea of various malware-as-a-service solutions.

Designed for noobs, targets Russians

According to Kaspersky, CrystalX RAT is designed primarily for script kiddies and newbie hackers, hence the aggressive social push and prankware features. However, it also has a handful of advanced tools, which seem to be mostly picked up from WebRAT.

Those include a detailed user panel, various customization options, as well as anti-analysis features. Some of its standout features include geoblocking, executable customization, anti-debugging, VM detection, and more.

Right now, it is difficult to say how many people fell victim to CrystalX RAT, or how they initially picked it up. It is likely that a social engineering campaign is at play, including things like fake software cracks, non-existent premium services, activators, and similar. The victims are predominantly located in Russia, and according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting dozens of victims.”

“Such a diverse feature set effectively enables a 360-degree compromise of the victim and a complete loss of privacy. Beyond gaining access to account credentials, the stolen data could potentially be used for blackmail,” he said. “We expect the number of victims to grow significantly and its geographic spread to expand in the near future.”


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
