Kaspersky Unveils GriffithRAT: Advanced Malware Targeting Fintech Platforms

Kaspersky has unveiled the discovery of GriffithRAT, a sophisticated malware actively targeting fintech companies, online trading platforms, and Forex exchange services globally, including victims in Egypt, the UAE, Turkey, and South Africa.

Distributed through Skype and Telegram channels, GriffithRAT often masquerades as files offering financial trend analyses or investment advice. These deceptive tactics are aimed at both organizations and individual traders, who inadvertently download the malware.

Upon installation, it allows attackers to steal login credentials, capture screenshots and webcam streams, log keystrokes, and monitor user activity. The stolen data can be exploited for various malicious purposes, such as gathering competitive intelligence or tracking individuals and valuable assets.

Kaspersky researchers have been monitoring GriffithRAT for over a year and associate it with cyber mercenary operations, where threat actors are contracted by third parties to conduct targeted attacks, often driven by motives like corporate espionage.

Technical analysis reveals strong similarities between GriffithRAT and intrusions involving DarkMe, a known remote access Trojan (RAT) commonly used in mercenary-led cyber campaigns.

Maher Yamout, Lead Security Researcher at Kaspersky, stated: “This discovery underscores the increasing sophistication and commercialization of cyber threats. GriffithRAT is not the work of random hackers; it is a maintained piece of malware and part of a broader trend where cyber mercenaries are hired to collect sensitive information, often for financial or strategic advantage.

The data harvested could offer visibility into the inner workings of major organizations, provide unethical competitive advantage, and may also be sold on the dark web. It is a reminder that in today’s threat landscape, cybercrime is increasingly professional, targeted, and persistent.”

To safeguard against such threats, Kaspersky advises individuals and businesses to:

Exercise caution when downloading files, especially from messaging platforms like Skype and Telegram.

Utilize reputable cybersecurity software, such as Kaspersky Premium for individuals and Kaspersky Next for businesses, to detect complex threats and manage security across all devices and networks.

Leverage Kaspersky Threat Intelligence to understand the threat actors behind malware and gain actionable insights.

Regularly enhance security awareness and encourage safe practices, such as proper account protection.

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyber threats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise continuously transform into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments worldwide.

The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, and Cyber Immune solutions to combat sophisticated and evolving digital threats. Kaspersky helps millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
