A laughing RAT: CrystalX combines spyware; stealer; and prankware features

In March 2026, a new MaaS active campaign was discovered promoting previously unknown malware in private Telegram chats. The Trojan features an extensive arsenal of capabilities. On the panel provided to third‑party actors, in addition to the standard features of RAT‑like malware, a stealer, keylogger, clipper, and spyware are also available.

Pulse ID: 69ccba2f8538ade72d6e71e6
Pulse Link: https://otx.alienvault.com/pulse/69ccba2f8538ade72d6e71e6
Pulse Author: AlienVault
Created: 2026-04-01 06:24:47

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #KeyLogger #MaaS #Malware #OTX #OpenThreatExchange #RAT #SpyWare #Telegram #Trojan #bot #AlienVault

BRUSHWORM and BRUSHLOGGER uncovered

A South Asian financial institution was targeted with two custom malware components: BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger. BRUSHWORM features anti-analysis checks, encrypted configuration, scheduled task persistence, modular payload downloading, USB worm propagation, and extensive file theft. BRUSHLOGGER uses DLL side-loading to capture system-wide keystrokes with window context tracking. The malware's low sophistication and implementation flaws suggest an inexperienced author, possibly using AI code-generation tools. Multiple testing versions were discovered on VirusTotal, indicating iterative development. The malware components combine to create a functional collection platform with modular loading, USB propagation, broad file theft, air-gap bridging, and persistent keystroke capture.

Pulse ID: 69c643be1c9656febe1f3cc6
Pulse Link: https://otx.alienvault.com/pulse/69c643be1c9656febe1f3cc6
Pulse Author: AlienVault
Created: 2026-03-27 08:45:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Asia #BackDoor #CyberSecurity #InfoSec #KeyLogger #Malware #OTX #OpenThreatExchange #RAT #Rust #SouthAsia #USB #VirusTotal #Worm #bot #AlienVault

MAAS VIP_Keylogger Campaign

Pulse ID: 69bb25d47c4b05ffd0337a9a
Pulse Link: https://otx.alienvault.com/pulse/69bb25d47c4b05ffd0337a9a
Pulse Author: Tr1sa111
Created: 2026-03-18 22:23:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #KeyLogger #MaaS #OTX #OpenThreatExchange #bot #Tr1sa111

MAAS VIP_Keylogger Campaign

A sophisticated keylogger campaign has been discovered, utilizing spear-phishing emails with attachments containing hidden malware. The campaign targets multiple countries, employing various packaging styles and execution methods. The malware, known as VIP_Keylogger, is delivered using steganography and process hollowing techniques. It focuses on stealing sensitive information from browsers, email clients, and other applications. The keylogger captures browser data, decrypts passwords, and exfiltrates information through multiple channels, including email. While some features appear disabled, the malware demonstrates advanced capabilities in data theft and evasion techniques.

Pulse ID: 69b7e0b1a4e3419dfc024013
Pulse Link: https://otx.alienvault.com/pulse/69b7e0b1a4e3419dfc024013
Pulse Author: AlienVault
Created: 2026-03-16 10:51:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #DataTheft #Email #InfoSec #KeyLogger #MaaS #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #SpearPhishing #Steganography #Word #bot #AlienVault

ZeroDayRAT: il malware che copisce Android e iOS
#Android #CryptoStealer #CyberSecurity #iOS #iPhone #Keylogger #Malware #Phishing #Privacy #Sicurezza #Smartphone #Smishing #Spyware #ZeroDayRAT

https://www.ceotech.it/zerodayrat-il-malware-che-copisce-android-e-ios/