Cybersecurity researchers at Kaspersky have identified a newly emerging remote access trojan (RAT) known as ‘CrystalX’, warning that the malware combines powerful surveillance capabilities with unusual prank features designed to intimidate victims.

Discovered by Kaspersky’s Global Research and Analysis Team (GReAT), CrystalX is being distributed through an active malicious campaign and is already affecting multiple users.

The malware is also being marketed as a malware-as-a-service (MaaS) tool on platforms such as YouTube and Telegram, lowering the barrier for cybercriminals to deploy it.

Unlike traditional RATs, CrystalX integrates several malicious tools into a single package. It functions simultaneously as a data stealer, keylogger, spyware, and clipper, thereby enabling attackers to gain deep access to victims’ systems.

What can the malware do?

The malware can collect system information and browser data, extract login credentials from platforms like Steam, Discord, and Telegram, and replace cryptocurrency wallet addresses to redirect funds.

According to Kaspersky, it can capture screenshots, audio, and video from infected devices.

This broad functionality gives attackers near-total visibility into a victim’s digital life, raising concerns about identity theft, financial fraud, and potential blackmail.

‘Prankware’

What sets CrystalX apart is its unusual ‘prankware’ component. Beyond silent surveillance, attackers can actively manipulate a victim’s device in real time.

These features include shaking the mouse cursor, changing wallpapers or screen orientation, hiding desktop icons, forcing system shutdowns and sending disruptive pop-up messages.

Researchers say these capabilities are intentionally designed to make the attack visible, creating a psychological effect that can distress victims while the data theft continues in the background.

Growing threat

Kaspersky warns that the malware is still evolving, with new variants already detected. While the initial infection method remains unclear, the company expects the number of victims and geographic spread to increase.

Security experts say the commercialisation of tools like CrystalX reflects a broader trend in cybercrime, where sophisticated malware is increasingly accessible to less-skilled attackers.

How to stay protected

Kaspersky advises users to avoid downloading files from untrusted sources and be cautious with email attachments and links.

It also advised users to install apps and games only from official platforms, use reliable security software, and enable file extension visibility.

As cyber threats grow more complex and interactive, user awareness remains a critical line of defense.


Folake Balogun is a tech journalist covering Africa’s fast-growing digital economy with a strong focus on incisive analysis of startup trends, venture capital, and fintech innovation, while also exploring emerging technologies such as artificial intelligence and the future of connectivity by highlighting their economic and social impact.
