In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers.
It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category. Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Oracle WebLogic Server RCE Flaw Under Active Attack
October 29, 2020
If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.” Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, ...
- REvil ransomware gang claims over $100 million profit in a year
October 29, 2020
REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors. They are driven by profit and want to make $2 billion from their ransomware service, adopting the most lucrative trends in their pursuit of wealth. Read more… Source: Bleeping Computer
- Hacker releases Georgia county’s election-related files
October 29, 2020
Hackers on Tuesday released a sample of stolen election-related documents from networks in Hall County, Ga., as part of their efforts to pressure county officials into paying a ransom for control of the files. The Wall Street Journal reported that the batch of files, which were largely administrative and nonsensitive in nature, came as part of ...
- Brooklyn & Vermont hospitals are latest Ryuk ransomware victims
October 29, 2020
Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S. Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an “increased and imminent cybercrime threat to U.S. ...
- Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
October 29, 2020
On Oct. 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint cybersecurity alert regarding an increased and imminent cybersecurity threat to the U.S. healthcare system. Threat operators have displayed a heightened interest in targeting the healthcare and the public ...
- Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
October 29, 2020
Domain parking services offer a simple solution for domain owners to monetize their sites’ traffic through third-party advertisements. While domain parking might appear harmless at first glance, parked domains pose significant threats, as they can redirect visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time. We have been detecting ...