Kaspersky Uncovers ”CrystalX RAT”: A Multi-Functional Malware Threat Spreading via YouTube and Telegram
Researchers at Kaspersky’s Global Research and Analysis Team (GReAT) have identified a sophisticated new Remote Access Trojan (RAT) dubbed CrystalX. Operating under a Malware-as-a-Service (MaaS) model, this versatile threat is being aggressively marketed on platforms like YouTube and Telegram, lowering the barrier to entry for low-skilled cybercriminals.
Unlike traditional RATs, CrystalX features an expansive suite of malicious functions, including credential harvesting for Telegram, Steam, and Discord, alongside advanced spyware capabilities. Security researcher Leonid Bezvershenko warned that the malware enables "total privacy loss," allowing attackers to record audio, activate webcams, and manipulate clipboard data—a feature specifically designed to hijack cryptocurrency transactions by swapping wallet addresses. The malware also includes a psychological harassment component, enabling attackers to remotely control mouse movements and screen settings in real-time.