The PolySwarm Blog

CrystalX RAT Emerges as Multi-Functional MaaS Platform with Espionage, Theft, and Disruption Capabilities

Apr 13, 2026 3:08:43 PM / by The Hivemind posted in Threat Bulletin, Remote Access Trojan, MaaS malware, crypto clipper, keylogger trojan, Webcrystal RAT, CrystalX RAT, Telegram malware

Verticals Targeted: Cryptocurrency, Gaming, Social Messaging, Enterprise Systems
Regions Targeted: Russia
Related Families: WebRAT (aka Salat Stealer)

Executive Summary

CrystalX RAT is a newly identified malware-as-a-service (MaaS) platform combining traditional remote access, credential theft, and surveillance capabilities with disruptive prankware features, signaling a shift toward multi-purpose, user-impacting cybercrime tooling. It has been observed targeting consumer endpoints, cryptocurrency users, gaming and messaging platforms, and general enterprise users across Russia, with the potential for global reach.

Transparent Tribe Evolves Tradecraft With Multi-Stage LNK Malware

Jan 12, 2026 1:55:19 PM / by The Hivemind posted in Threat Bulletin, APT36, Spear Phishing, Remote Access Trojan, cyber espionage, LNK Malware

Verticals Targeted: Government, Academia
Regions Targeted: India
Related Families: None

Executive Summary

APT36, also known as Transparent Tribe, a Pakistan-aligned threat actor, has launched a targeted cyber espionage campaign against Indian governmental, academic, and strategic entities using sophisticated deception techniques. The operation delivers a multi-stage Remote Access Trojan (RAT) through a weaponized LNK file disguised as a PDF, enabling persistent access, surveillance, and data exfiltration with minimal detection risk.

CastleRAT

Sep 15, 2025 2:37:49 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Emerging Threat, Phishing Attacks, CastleLoader, Remote Access Trojan, TAG-150, CastleRAT, malware infrastructure, command-and-control, anti-detection services, network intelligence

Verticals Targeted: Not specified
Regions Targeted: US
Related Families: CastleLoader

GodRAT

Aug 25, 2025 2:36:30 PM / by The Hivemind posted in Threat Bulletin, AsyncRAT, Gh0st RAT, password stealer, shellcode injector, GodRAT, Remote Access Trojan, financial malware, steganography, FileManager plugin

Verticals Targeted: Financial
Regions Targeted: Hong Kong, United Arab Emirates, Lebanon, Malaysia, Jordan
Related Families: AsyncRAT, AwesomePuppet, Gh0st RAT

Executive Summary

GodRAT is a RAT derived from the Gh0st RAT codebase. It was observed targeting financial institutions via malicious .scr and .pif files distributed through Skype. Leveraging steganography and additional plugins like FileManager, GodRAT facilitates credential theft and system exploration.
