VulnHub

Real-time Cybersecurity News

CrystalRAT malware-as-a-service offers remote access and prankware features

SCM feed for Latest
Actively Exploited
MalwareKaspersky

Overview

CrystalRAT is a new type of malware that has emerged in 2023, functioning as a malware-as-a-service platform. It operates on a subscription model, allowing users to access its capabilities, which include remote access to infected systems and features designed for pranks. Researchers from Kaspersky have noted that CrystalRAT bears a strong resemblance to an earlier malware called WebRAT. This is concerning as it lowers the barrier for entry for cybercriminals, enabling even those with limited technical skills to launch attacks. The rise of such services poses a growing threat to individuals and organizations, as they can be exploited for a variety of malicious purposes including data theft and system manipulation.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: CrystalRAT malware, potentially affecting any system it infects.
  • Action Required: Users should ensure their systems are protected with updated antivirus software and be cautious of suspicious downloads and links.
  • Timeline: Newly disclosed

Original Article Summary

CrystalRAT, which first appeared in January, operates on a tiered subscription model and shares significant similarities with the WebRAT (Salat Stealer) malware, according to Kaspersky researchers.

Impact

CrystalRAT malware, potentially affecting any system it infects.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should ensure their systems are protected with updated antivirus software and be cautious of suspicious downloads and links.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Kaspersky.

Read Original Article

Related Coverage

House Dems decry confirmed ICE usage of Paragon spyware

CyberScoop

Three Democratic lawmakers have criticized the Immigration and Customs Enforcement (ICE) agency for its confirmed use of Paragon spyware. The Democrats expressed concerns over the potential misuse of this technology and the implications it has for privacy and civil liberties. Their dissatisfaction stems from ICE's responses regarding how the spyware may be deployed in immigration enforcement operations. This issue raises significant questions about surveillance practices and the impact on communities, particularly immigrant populations. As the debate continues, it highlights the need for transparency and accountability in government surveillance activities.

Apr 2, 2026

Claude Code leak used to push infostealer malware on GitHub

BleepingComputer

Recent leaks of the Claude Code source code have been exploited by cybercriminals to distribute Vidar information-stealing malware through fraudulent GitHub repositories. Attackers are creating fake repositories that appear legitimate, luring unsuspecting users into downloading the malicious software. This situation puts many users at risk, especially those who might be searching for the leaked code or related tools on GitHub. The Vidar malware is known for stealing sensitive information such as login credentials and personal data. Users should be cautious when downloading software from unofficial sources and verify the legitimacy of repositories before proceeding.

Apr 2, 2026

Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

darkreading

Hasbro has reported unauthorized access to its systems, leading the company to activate its business continuity plans and take some systems offline. The incident was disclosed in an 8-K filing, indicating that the attack has had a significant impact on the company's operations. While specific details about the nature of the attack or the data involved have not been released, the company expects that remediation could take weeks. This incident raises concerns about the security of sensitive information within major corporations and highlights the ongoing risks businesses face from cyber threats. Stakeholders are advised to stay informed as the situation develops.

Apr 2, 2026

4 steps teams can take to mitigate Iranian cyberattacks on critical infrastructure

SCM feed for Latest

As tensions rise due to ongoing conflicts, cybersecurity experts warn about the increased risk of Iranian cyberattacks targeting critical infrastructure. Many organizations have not yet assessed their operational technology (OT) networks for potential vulnerabilities linked to Iranian cyber activities. To mitigate these risks, teams are advised to take proactive steps, including conducting thorough security assessments, implementing robust monitoring systems, and ensuring that incident response plans are up to date. These measures are vital to safeguard essential services and prevent potential disruptions that could have significant repercussions on public safety and national security. Organizations must remain vigilant and prepared as the geopolitical landscape evolves.

Apr 2, 2026

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

The Hacker News

A significant credential harvesting campaign has been detected, utilizing the React2Shell vulnerability (CVE-2025-55182) to gain access to sensitive data from 766 Next.js hosts. Attackers are stealing various credentials, including database logins, SSH private keys, AWS secrets, Stripe API keys, and GitHub tokens. This operation has been linked to a threat group that Cisco Talos is monitoring. The widespread nature of this breach is concerning, as it affects a range of developers and companies using Next.js, potentially compromising their applications and user data. Companies need to be vigilant and take immediate steps to secure their systems against this threat.

Apr 2, 2026

Thousands of API credentials exposed on public websites

SCM feed for Latest

A recent study conducted by researchers from Stanford University, the University of California, Davis, and TU Delft revealed that thousands of API credentials have been exposed on public websites. Using a tool called TruffleHog, the researchers scanned various sites and discovered sensitive information that could be exploited by malicious actors. This exposure poses significant risks as attackers could gain unauthorized access to systems and data. The findings underscore the need for companies to implement better security practices, such as using environment variables and secure storage solutions for API keys. The research serves as a warning for developers and organizations to regularly audit their code and remove any sensitive information from public repositories.

Apr 2, 2026