In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers.
It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category. Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware attacks increasingly target Vietnam’s financial sector
September 26, 2024
At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same time, the risk of information security is always lurking with the sector. According to statistics from ...
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments
September 26, 2024
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...
- Australia’s biggest medical imaging provider I-MED data breach exposes tens of thousands of patient files
September 26, 2024
Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were ...
- UK railway stations Wi-Fi affected by cyber attack
September 26, 2024
The wi-fi has been hacked at 19 UK railway stations to display a message about terror attacks. Network Rail confirmed that the wi-fi systems at stations including London Euston, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Edinburgh Waverley and Glasgow Central were affected. People reported logging on to the wi-fi at the stations on Wednesday ...
- Threat landscape for industrial automation systems, Q2 2024
September 26, 2024
In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. Read more… Source: Kaspersky Sign up ...
- From 12 to 21: How Kaspersky discovered connections between the Twelve and BlackJack groups
September 25, 2024
While analyzing attacks on Russian organizations, Kaspersky team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. Kaspersky researchers recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity. In this report, ...