CrystalX RAT: New Malware Combines Data Theft and Prankware Features

CrystalX RAT: New Malware Combines Data Theft and Prankware Features

First seen 1 Apr 2026, 12:02 UTC SecurelistKasperskyGbhackersCybersecuritynewsSea.Mashable+4 86% similarity 71.0

Article Content

Browse articles
ThreatCluster

In March 2026, cybersecurity researchers discovered CrystalX RAT, a new malware-as-a-service (MaaS) being promoted in private Telegram channels. This malware offers a wide range of capabilities, including remote access, data theft, keylogging, and unique prankware features designed to disrupt and mock victims. CrystalX RAT can steal credentials from platforms like Steam, Discord, and Telegram, and manipulate clipboard contents to facilitate cryptocurrency theft. The malware was first identified in January 2026 as WebCrystal RAT before being rebranded. It operates on a subscription model with three tiers, making it accessible to less skilled cybercriminals. The malware connects to its command-and-control server via WebSocket and has been noted for its user-friendly interface. As of the latest reports, the initial infection vector remains unknown, but the malware is actively evolving, with new versions being detected. Victims are primarily located in Russia, and the threat is expected to grow.

Key Points: • CrystalX RAT combines data theft and prankware features, making it a unique threat. • The malware is marketed as a MaaS, allowing less skilled attackers to access its capabilities. • Initial infection vector is unknown, but it is rapidly evolving with new versions detected.

ThreatCluster AI

Timeline

2026-01-01
CrystalX RAT first mentioned as WebCrystal RAT in Telegram chats
2026-03-01
Active campaign promoting CrystalX RAT discovered
2026-04-01
Kaspersky publishes report detailing CrystalX RAT features

Community

Browse all →