The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

CrystalX RAT Emerges as Multi-Functional MaaS Platform with Espionage, Theft, and Disruption Capabilities

Apr 13, 2026 3:08:43 PM / by The Hivemind posted in Threat Bulletin, Remote Access Trojan, MaaS malware, crypto clipper, keylogger trojan, Webcrystal RAT, CrystalX RAT, Telegram malware

0 Comments

Verticals Targeted: Cryptocurrency, Gaming, Social Messaging, Enterprise Systems
Regions Targeted: Russia
Related Families: WebRAT (aka Salat Stealer)

Executive Summary

CrystalX RAT is a newly identified malware-as-a-service (MaaS) platform combining traditional remote access, credential theft, and surveillance capabilities with disruptive prankware features, signaling a shift toward multi-purpose, user-impacting cybercrime tooling. It has been observed targeting consumer endpoints, cryptocurrency users, gaming and messaging platforms, and general enterprise users across Russia, with the potential for global reach.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More