Cybersecurity experts at Kaspersky have uncovered a newly emerging remote access trojan (RAT) known as ‘CrystalX’. With the discovery, the experts warn that the malware combines powerful surveillance capabilities with unusual prank features designed to intimidate victims.
Discovered by Kaspersky’s Global Research and Analysis Team (GReAT), CrystalX is being distributed through an active malicious campaign and is already affecting multiple users. The malware is also being marketed as a malware-as-a-service (MaaS) tool on platforms such as YouTube and Telegram, lowering the barrier for cybercriminals to deploy it.
Unlike traditional RATs, CrystalX integrates several malicious tools into a single package. It functions simultaneously as a data stealer, keylogger, spyware, and clipper, thereby enabling attackers to gain deep access to victims’ systems.
The malware can collect system information and browser data, extract login credentials from platforms like Steam, Discord, and Telegram and also replace cryptocurrency wallet addresses to redirect funds. According to Kaspersky, the malware can capture screenshots, audio, and video from infected devices.
This broad functionality gives attackers near-total visibility into a victim’s digital life, raising concerns about identity theft, financial fraud, and potential blackmail. What sets CrystalX apart is its unusual ‘prankware’ component. Beyond silent surveillance, attackers can actively manipulate a victim’s device in real time.
