A newly discovered malware can steal passwords, spy on you, rotate your screen and swap your mouse buttons just to let you know it is there

Cybersecurity experts have issued a warning about newly detected malware that plays ‘pranks’ but also has a much darker side that can steal your data and install spyware on your computer. 

Researchers from the Kaspersky Global Research & Analysis Team (GReAT) recently discovered the malware known as CrystalX RAT. 

The cybersecurity company warned that the pranking malware ‘won’t make you laugh, it’ll make you suffer’. 

According to a report from the company, CrystalX RAT is able to ‘collect a wide range of data about its victim’ and also poses a serious threat to cryptocurrency owners. 

The CrystalX RAT could be used for blackmail, and there are already victims out there

Fortunately, most of us are pretty savvy when it comes to staying safe online, making use of privacy tools and online services to help keep our data secure. 

But that doesn’t stop malicious developers from coming up with new malware and hacking tools designed to get their hands on your data. 

On April 1, cybersecurity experts Kaspersky published a report outlining the newly discovered CrystalX RAT malmare that could have devestating consequences. 

The team explained that it was being sold to third parties as malware-as-a-service and promoted on YouTube and Telegram, which means its likely fell into the hands of a wide range of bad actors, inclduning ‘less-skilled operators’. 

CrystalX RAT has an ‘extensive arsenal of capabilities’, according to Kaspersky and is able to collect a huge range of data, including ‘system information, extracts credentials for Steam, Discord and Telegram, and also harvests data from web browsers’. 

The team said it also poses a threat to cryptocurreny owners, as it has a browser-based clipper thatr replaces crypto wallet address. 

Alongside stealing your data, the malware can also be used for ‘full scale suervielliance’ and can take screenshots, capture footage from both the screen and webcam, and record audio, 

“Such a diverse feature set effectively enables a 360-degree compromise of the victim and a complete loss of privacy,” senior security researcher at Kaspersky GReAT Leonid Bezvershenko said in a statement.  

“Beyond gaining access to account credentials, the stolen data could potentially be used for blackmail. At the moment, the initial infection vector is not precisely known, but it is already affecting dozens of victims. Our telemetry is already detecting new versions of the implants, indicating that this malware is still actively developed and maintained.

“We expect the number of victims to grow significantly and its geographic spread to expand in the near future.”

And to add insult to injury it also plays pranks on victims

What makes CrystalX RAT different to other malware that’s already out there is its ‘prankware’ capabilities.

The prankware element allows operators to interact with the victim’s computer in real-time to troll and annoy them. 

These so-called pranks, include the ability to rotate a victim’s screen 90°, 180°, or 270°; performing a system shutdown’ changing the desktop background; making the cursor shake; swapping over the left and right mouse click; and disconnecting the monitor. 

“These features introduce a disruptive and psychological dimension to the attack, making the attack both visible and distressing for the victim,” Kaspersky noted in its report. 

What can you do to keep yourself safe from the malware?

To keep your computer and your data safe, the cybersecurity experts from Kaspersky recommend that you remain cautious when opening or downloading files sent via messaging apps or email, and only download and install games from reputable websites. 

You can also go into Settings on Windows and enable ‘show file extensions’, making it easier to spot potentially harmful files. 

“As Trojans are programs, you should be warned to stay away from file extensions like ‘exe’, ‘vbs’ and ‘scr’. 

“Cybercriminals could use several extensions to masquerade a malicious file as a video, photo, or a document,” the company explains.

The team also recommends investing in a strong security service for your computer.

DISCOVER SBX CARS: The global premium car auction platform powered by Supercar Blondie