SecurityWeek reports a new malware-as-a-service named CrystalX RAT, promoted on Telegram and YouTube after first emerging in January as Webcrystal RAT. Written in Go, the RAT establishes a WebSocket connection to its command-and-control server on execution and can spy, steal credentials from Discord, Steam, Telegram, and Chrome-based browsers, and log keystrokes.
It offers remote access commands, file uploads and browsing, and can drive a built-in VNC for remote screen control, along with audio and video capture from the system’s microphone and camera. The control panel includes anti-analysis and geo-blocking options, an auto-builder for implants, and the ability to block user input and display custom notifications during intrusions.
Kaspersky notes that CrystalX RAT has infected dozens of individuals and has so far been used only in Russia, though it is promoted as MaaS with no regional restrictions. Telemetry reportedly shows new implant versions, suggesting active development and the potential for a wider set of victims in the near future, according to Kaspersky.