Sophisticated CrystalX RAT Emerges
securityweek
A new malware-as-a-service (MaaS) has been promoted on Telegram as combining spyware, stealer, and remote access capabilities, Kaspersky reports.
Named CrystalX RAT, it emerged in January, when it was offered as Webcrystal RAT. Featuring a control panel identical to WebRAT, it was later rebranded, and its developer started promoting it both on Telegram and YouTube.
The malware control panel offers access to an auto‑builder featuring options such as geo-blocking and anti‑analysis, and allows users to generate compressed and encrypted implants.
Written in Go, the RAT establishes a WebSocket connection to its command-and-control (C&C) server immediately after execution, then starts collecting system information.
After sending the collected system data, the malware executes an information-stealing module that harvests Discord, Steam, and Telegram credentials, as well as data from Chrome-based browsers.
The RAT also packs a keylogger module that instantly sends all user input to the C&C via WebSocket. It also ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE