Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content



Also known as: DarkCrystal RAT

Category: Malware

Type: Remote Access Trojan

Platform: Windows


Damage potential: Data theft , espionage, remote control and surveillance, botnet participation


DarkCrystal RAT, or DCRAT, is a type of malware that allows cybercriminals to control a compromised device remotely. With DCRAT, attackers can monitor user activity, activate hardware such as a mouse, webcam, or microphone, access files, steal sensitive data, or add the infected device to a botnet and launch DDoS attacks.

Possible symptoms

The symptoms of a DCRAT infection might vary, but here are some common signs to watch out for:

  • System slowdowns, crashes, and freezes.

  • Unusual network traffic.

  • Files being moved, modified, or removed without user interaction.

  • Mouse cursor moving on its own.

  • Programs starting or stopping unexpectedly.

  • Webcam or microphone switching on without user interaction.

  • Frequent error messages.

Sources of infection

DCRAT typically spreads through phishing emails with malicious Microsoft Word documents, downloads from malware-hosting websites, malvertising, or peer-to-peer sharing of infected files.


Always browse with caution to protect yourself from DCRAT.


If you think you might have DCRAT on your device, you need to act promptly:

  • Disconnect your device from the internet to prevent DCRAT from communicating with its command and control server.

  • Boot into safe mode.

  • Run a full system scan using a reputable antivirus solution.

  • Follow the instructions provided by your antivirus software to isolate and remove the malware.

Consult an IT professional if you don’t feel confident handling the removal yourself.

Ultimate digital security