In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers.
It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category. Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Patient dies after ransomware attack reroutes her to remote hospital in Germany
September 17, 2020
A woman seeking emergency treatment for a life-threatening condition died after a ransomware attack crippled a nearby hospital in Duesseldorf, Germany, and forced her to obtain services from a more distant facility, it was widely reported on Thursday. German authorities are investigating the unknown perpetrators on suspicion of negligent manslaughter, the Associated Press, German news outlet ...
- US charges Iranian hackers for breaching US satellite companies
September 17, 2020
Three Iranian nationals have been indicted on charges of hacking US aerospace and satellite companies, the US Department of Justice announced today. Federal prosecutors accused Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati of orchestrating a years-long hacking campaign on behalf of the Iranian government. The hacking spree started in July 2015 and targeted a broad ...
- APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
September 17, 2020
Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 (a.k.a. Barium, Winnti, Wicked Panda or Wicked Spider) is known for nation-state-backed cyber-espionage activity as ...
- Maze ransomware now encrypts via virtual machines to evade detection
September 17, 2020
The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang; to encrypt a computer from within a virtual machine. In May, we previously reported that Ragnar Locker was seen encrypting files through VirtualBox Windows XP virtual machines to bypass security software on the host. The virtual machine would mount a host’s drives ...
- Mozi Botnet Accounts for Majority of IoT Traffic
September 17, 2020
The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers. IBM X-Force noticed Mozi’s spike within it’s telemetry, amid a huge increase in overall ...
- Apple Bug Allows Code Execution on iPhone, iPad, iPod
September 17, 2020
Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary code-execution. The bugs were made public Wednesday as part of ...