Tag: remote access trojan

a computer on a desk
Security

Not in axios’s source — a hijacked maintainer account pushed a phantom dependency that installed a cross‑platform RAT

On March 31, 2026, attackers used a hijacked npm maintainer account to publish poisoned axios releases that exercised npm’s install lifecycle, not by altering axios source code but by adding a phantom dependency (plain-crypto-js@4.2.1) whose postinstall hook deployed a cross‑platform remote access trojan (RAT). The publication used stolen long‑lived npm tokens to bypass GitHub Actions […]

admin 
a computer desk with two monitors and a laptop
Security

CrystalRAT is not just prankware — Telegram-marketed MaaS that pairs RAT access, crypto clippers, and disruptive “Rofl” tricks

CrystalRAT (aka CrystalX RAT) is being sold openly on Telegram as an easy-to-use malware package, but calling it merely “prankware” misses the point: it is a modular malware-as-a-service that combines full remote access, clipboard-based cryptocurrency theft, and nuisance/psychological disruption into a single commercially marketed toolkit. Why the “prank” label understates the risk Security vendors and […]

admin