A laughing RAT: CrystalX combines spyware, stealer, and prankware features

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category. Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen. The new malware was first mentioned in January 2026 in a private Telegram chat for developers of RAT malware. The author actively

Source: https://securelist.com/crystalx-rat-with-prankware-features/119283/