Cybersecurity experts at Kaspersky have detailed CrystalX RAT [securelist.com], a new malware-as-a-service (MaaS) offering rather similar to the popular WebRAT.
For data theft and infostealing, it enables keylogging, clipboard jacking, browser data theft, and desktop app data theft (Steam, Discord, Telegram).
For surveillance, it enables video capture through the camera, as well as audio capture through the microphone.
At the same time, it can also be seen as prankware. A handful of disruptive features are thrown into the mix, such as the ability to change desktop wallpapers, alter display orientation to various angles, show fake notifications, change the cursor position, hide desktop icons, the taskbar, Task Manager, and the Command Prompt executable, and remap the mouse.
Finally, it provides an attacker-victim chat window, allowing the attackers to tease, taunt, threaten, or demand money from their victims.
The PR campaign Kaspersky mentions is a series of fairly organized campaigns across different channels designed to entice potential buyers, since CrystalX RAT works on a tiered subscription model. Unfortunately, there was no word on how much a subscription costs. We only know that there are multiple tiers on offer.
The primary channel for promotions and subscriptions is Telegram, the famed instant chat platform. However, the MaaS is also being promoted on YouTube [techradar.com] via a dedicated marketing channel which demonstrates its different features and capabilities.
Furthermore, Kaspersky argues that the prankware features are also, in a sense, a PR stunt, since such an offering will most likely stand out in a sea of various malware-as-a-service [techradar.com] solutions.
Those include a detailed user panel, various customization options, as well as anti-analysis features. Some of its standout features include geoblocking, executable customization, anti-debugging, VM detection, and more.
Right now, it is difficult to say how many people fell victim to CrystalX RAT, or how they initially picked it up. It is likely that a social engineering campaign is at play, including things like fake software cracks, non-existent premium services, activators, and similar. The victims are predominantly located in Russia, and according to Leonid Bezvershenko, senior security researcher at Kaspersky GReAT, the RAT is “already affecting dozens of victims.”
“Such a diverse feature set effectively enables a 360-degree compromise of the victim and a complete loss of privacy. Beyond gaining access to account credentials, the stolen data could potentially be used for blackmail,” he said. “We expect the number of victims to grow significantly and its geographic spread to expand in the near future.”