Securelist | Kaspersky’s threat research and reports
Published: 2026-03-10 · Archived: 2026-04-05 17:17:23 UTC
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer,
and prankware capabilities.
Threats
https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
Page 1 of 5

Latest Posts
Webinars
https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
Page 2 of 5

https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
Page 3 of 5

Register to Access All Kaspersky Webinars
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to
October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky
Security Network (KSN).
Reports
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka
Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
Page 4 of 5

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a
kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with
DPAPI and RC5, as well as the MgBot implant.
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their
signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
Source: https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware
Page 5 of 5