CrystalRAT Telegram-promoted malware-as-a-service
Malware Activity
Summary
Hide ▲
Show ▼
The CrystalRAT malware-as-a-service is being promoted on Telegram and YouTube with remote access, data theft, keylogging, and clipboard hijacking, increasing the risk of credential and wallet theft on infected systems. The offer uses a tiered subscription model and adds prankware features that can distract victims while theft modules operate. It also includes a control panel and automated builder that make deployment and customization easier for operators.
Related Happenings
Discord defaults voice and video calls to end-to-end encryption
Security Tool/Service
First: 19.05.2026 23:37
Last: 19.05.2026 23:37
Sources 1
About this happening:
**Discord** has made **end-to-end encryption (E2EE)** the default for **voice and video calls**, strengthening privacy across a widely used communications platform. The rollout wa...
Discord defaults voice and video calls to end-to-end encryption
Security Tool/ServiceAbout this happening: **Discord** has made **end-to-end encryption (E2EE)** the default for **voice and video calls**, strengthening privacy across a widely used communications platform. The rollout wa...
Gremlin stealer modular toolkit evolution
Malware Activity
First: 15.05.2026 17:19
Last: 15.05.2026 17:19
Sources 1
About this happening:
The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Gremlin stealer modular toolkit evolution
Malware ActivityAbout this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
REMUS underground ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 15.05.2026 17:02
Last: 15.05.2026 17:02
Sources 1
About this happening:
The **REMUS underground operation** is turning **REMUS** into a continuously updated **MaaS** product, increasing **operational scalability** and monetization risk across undergro...
REMUS underground ecosystem shift changes threat-actor operations
Threat Actor MetaAbout this happening: The **REMUS underground operation** is turning **REMUS** into a continuously updated **MaaS** product, increasing **operational scalability** and monetization risk across undergro...
REMUS infostealer browser-session and password-manager collection expansion
Malware Activity
First: 15.05.2026 17:02
Last: 15.05.2026 17:02
Sources 1
About this happening:
**REMUS** expanded its **session-theft** and **password-manager** collection capabilities, increasing the malware’s ability to capture authenticated access and browser-side data....
REMUS infostealer browser-session and password-manager collection expansion
Malware ActivityAbout this happening: **REMUS** expanded its **session-theft** and **password-manager** collection capabilities, increasing the malware’s ability to capture authenticated access and browser-side data....
Vidar infostealer market rise and distribution expansion
Malware Activity
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Vidar infostealer market rise and distribution expansion
Malware ActivityAbout this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Timeline
-
02.04.2026 02:17 2 articles · 1mo ago
CrystalRAT Telegram-promoted malware-as-a-service
Initial DisclosureIn **January**, **CrystalRAT** appeared as a **tiered subscription** service and began being marketed on **Telegram**. The early offer centered on selling remote access and data-theft functions as a subscription product.
Show sources
- New CrystalRAT malware adds RAT, stealer and prankware features — www.bleepingcomputer.com — 02.04.2026 02:17
- New CrystalRAT malware adds RAT, stealer and prankware features — www.bleepingcomputer.com — 02.04.2026 02:17