Kaspersky revealed the discovery of GriffithRAT – a new and highly sophisticated malware used in campaigns targeting fintech companies, online trading platforms, and Forex exchange services worldwide, with victims in the UAE, Egypt, Turkiye, and South Africa.
Distributed via Skype and Telegram channels, GriffithRAT is typically disguised as files containing financial trend analysis or investment advice. These deceptive tactics target both organizations and individual traders who unknowingly download the malware. Once downloaded, it enables attackers to steal login credentials, capture screenshots/webcam stream, log keystrokes, and monitor user activity. The stolen data can be exploited in a variety of ways, ranging from gathering competitive business intelligence to tracking individuals or valuable assets – highlighting the broad potential for misuse.
Kaspersky researchers have been monitoring GriffithRAT for over a year and link it to cyber mercenary operations, where threat actors are contracted by third parties to conduct targeted attacks – often driven by motives such as corporate espionage.
This connection is reinforced by technical analysis, which shows strong similarities between GriffithRAT and DarkMe intrusions, a known remote access Trojan (RAT) commonly used in mercenary-led cyber campaigns.
“This discovery highlights the growing sophistication and commercialization of cyberthreats,” said Maher Yamout, Lead Security Researcher at Kaspersky. “GriffithRAT is not the work of random hackers, it is a maintained piece of malware and part of a broader trend where cyber mercenaries are hired to collect sensitive information, often for financial or strategic advantage. The data harvested could offer visibility into the inner workings of major organizations, provide unethical competitive advantage, and may also be sold on the dark web. It is a reminder that in today’s threat landscape, cybercrime is increasingly professional, targeted, and persistent.”
To stay protected, Kaspersky advises individuals to:
- Be attentive to the files you download, check them with reputable cybersecurity software, such as Kaspersky Premium for individual users and Kaspersky Next for businesses, that helps detect complex threats, respond automatically, and manage security across all devices, networks, and cloud systems from one place.
- Be extra cautious when dealing with social media and instant messaging apps; hackers use such mediums to deliver malware in addition to the common phishing emails.
- Use Kaspersky Threat Intelligence to go beyond the malware and understand the threat actors behind it. By combining diverse data sources and expert research, the portal offers actionable insights – giving access to tactical, operational, and strategic intelligence to stay secure in a dynamic threat landscape.
- Improve your and your employees’ security awareness on a regular basis and encourage safe practices, such as proper account protection.
