At its annual Cyber Security Weekend for the Middle East, Türkiye, and Africa (META) region, Kaspersky announced the discovery of GriffithRAT, a newly identified and sophisticated piece of malware.
This tool has been used in cyber campaigns targeting fintech firms, online trading platforms, and foreign exchange services across the globe, with confirmed victims in the UAE, Egypt, Türkiye, and South Africa.
The malware is distributed via Skype and Telegram, typically disguised as documents containing financial trend analyses or investment advice.
These deceptive files are aimed at both corporate entities and individual traders, who may unknowingly install the malware.
Once active on a device, GriffithRAT enables attackers to extract login credentials, take screenshots or webcam footage, record keystrokes, and monitor user activity.
This information can then be exploited for various purposes, including corporate espionage and the tracking of individuals or valuable assets.
Kaspersky researchers have been monitoring GriffithRAT for over a year and believe it is associated with cyber mercenary activity, where threat actors are contracted to carry out targeted attacks, often with financial or strategic motives.
Technical analysis shows notable similarities between GriffithRAT and previous intrusions involving DarkMe, a known remote access trojan commonly used in mercenary-led cyber operations.

“This discovery highlights the growing sophistication and commercialisation of cyberthreats,”
said Maher Yamout, Lead Security Researcher at Kaspersky.
“GriffithRAT is not the work of random hackers, it is a maintained piece of malware and part of a broader trend where cyber mercenaries are hired to collect sensitive information, often for financial or strategic advantage. The data harvested could offer visibility into the inner workings of major organisations, provide unethical competitive advantage, and may also be sold on the dark web. It is a reminder that in today’s threat landscape, cybercrime is increasingly professional, targeted, and persistent.”
To mitigate risks, Kaspersky recommends that individuals exercise caution when downloading files, particularly from messaging platforms and social media, and verify them with reliable cybersecurity tools.
Users and organisations are encouraged to improve their awareness of cyber threats through regular training and to adopt safe digital practices, such as securing accounts with strong authentication measures.
Additionally, tools like Kaspersky Threat Intelligence may help organisations better understand not just the malware, but the actors behind it, by offering access to a broad range of intelligence insights.