CrystalRAT malware-as-a-service offers remote access and prankware features

As reported by Bleeping Computer, a new malware-as-a-service (MaaS) named CrystalRAT has emerged, actively promoted on platforms like Telegram and YouTube. This MaaS offers a range of malicious capabilities, including remote access, data theft, keylogging, and clipboard hijacking, alongside a unique set of prankware features.CrystalRAT, which first appeared in January, operates on a tiered subscription model and shares significant similarities with the WebRAT (Salat Stealer) malware, according to Kaspersky researchers. It features a user-friendly control panel and an automated builder that allows customization of payloads, including geoblocking and anti-analysis techniques. The malware targets Chromium-based browsers, Yandex, and Opera, and also collects data from desktop applications like Steam, Discord, and Telegram. Its remote access module enables command execution, file transfer, and real-time control via VNC.Notably, CrystalRAT includes prankware functionalities such as changing desktop wallpaper, altering display orientation, forcing system shutdowns, and disabling input devices, which may serve to distract victims.Source:Bleeping Computer