Dark Crystal RAT

Dark Crystal RAT Description

The Dark Crystal malware is a RAT (Remote Access Trojan), which appears to be developed by shady but high-skilled individuals originating from Russia. The Dark Crystal hacking tool was being sold on a website called ‘hxxp://dcrat9dot)ru.’ However, this site does not offer the Dark Crystal RAT currently, and, instead, hosts a humorous, profanity-ridden Q&A written entirely in Russian.

Despite the fact that the initial website associated with the distribution of the Dark Crystal RAT does not appear to offer it anymore, it does not mean that the hacking tool is not offered on various other dodgy sites and forums. Since the Dark Crystal threat is offered as a product, it is likely that a significant mass of users may be affected, as an unknown number of cyber crooks are propagating it. Individuals who are interested in purchasing the Dark Crystal RAT can obtain the basic package and then opt to invest in more modules that would further weaponize the hacking tool. Some of the additional modules offered by the authors of the Dark Crystal threat include advanced keyloggers, infostealers, alternative data exfiltration techniques, etc. Selling hacking tools as a product makes the life of their creators far easier than if they had to use and propagate them. Deploying threats like the Dark Crystal RAT is not only time-consuming but also includes some level of risk for the cyber crooks – selling it to other cybercriminals eliminates these cons.

The Dark Crystal RAT is a very advanced hacking tool that has a long list of capabilities, which include:

  • Running remote commands.
  • Collecting the user’s keystrokes.
  • Collecting cookies from the user’s Web browsers.
  • Opening a chat box to communicate with the victim.
  • Managing the file system.
  • Recording video via the webcam.
  • Recording audio via the microphone.
  • Collecting clipboard data.
  • Initializing a remote-control connection.
  • Downloading or uploading files from the attackers’ C&C (Command & Control) server to the infected host and vice-versa.
  • Executing DDoS or UDP/TCP flood attacks by using all available online victims.
  • Opening URLs via the default Web browser of the user.
  • Managing active processes.
  • Compiling and executing C# code.

Having in mind that the Dark Crystal threat is likely going to be propagated differently by different cybercriminals utilizing it, it is safe to assume that the infection vectors are going to vary. They may include phishing emails, fake social media posts, malvertising, bogus application downloads or updates, fraudulent pirated copies of popular software services, etc. Make sure your computer is protected by a reputable anti-virus tool that will not allow threats like the Dark Crystal RAT to compromise your system.