In March 2026, Kaspersky researchers discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with three subscription tiers.
It caught the researchers attention because of its extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available. Most surprisingly, it also includes prankware capabilities: a large set of features designed to trick, annoy, and troll the user. Such a combination of capabilities makes it a rather unique Trojan in its category. Kaspersky’s products detect this threat as Backdoor.Win64.CrystalX.*, Trojan.Win64.Agent.*, Trojan.Win32.Agentb.gen.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chinese hacker group caught bypassing 2FA
December 23, 2019
Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...
- Unit 42 Discovers 13 New Vulnerabilities Across Microsoft and Adobe Products
December 19, 2019
Palo Alto Networks’ Unit 42 threat researchers have been credited with discovering six new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of its December Adobe Security Bulletin APSB19-55 security updates. Additionally, seven new “important” rated vulnerabilities were addressed by the Microsoft Security Response Center (MSRC) as part of its September, October and November ...
- This ‘grab-bag’ hacking attack drops six different types of malware in one go
December 19, 2019
A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a ‘grab-bag’ of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer. Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named ‘Hornet’s Nest’. The ...
- Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
December 18, 2019
Mining, transportation, refining, distribution—the oil and gas industry has a widespread and complicated production chain that can be difficult to comprehensively defend. Risks come from all sides: extreme weather can affect transportation, politics (global and local) can impact production, and physical attacks on infrastructure can actually threaten worker safety and even impact the world’s oil ...
- Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
December 17, 2019
In late June 2018, Unit 42 revealed a previously unknown cyber espionage group we dubbed Rancor, which conducted targeted attacks in Southeast Asia throughout 2017 and 2018. In recent attacks, the group has persistently targeted at least one government organization in Cambodia from December 2018 through January 2019. While researching these attacks, we discovered an undocumented, ...
- Lazarus pivots to Linux attacks through Dacls Trojan
December 17, 2019
Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. Recent reports ...