Cybersecurity giant Kaspersky today revealed a new, highly advanced malware. They named it GriffithRAT. The firm made the announcement at its annual Cyber Security Weekend. This event focuses on the Middle East, Türkiye, and Africa (META) region. GriffithRAT campaigns target fintech companies worldwide. Online trading platforms and betting companies are also in its sights. Affected countries include the UAE, Egypt, Türkiye, and South Africa.
Attackers distribute GriffithRAT through Skype and Telegram channels. The malware often hides within seemingly legitimate files. These files promise financial trend analysis. Sometimes they offer investment advice. These deceptive tactics target both organizations and individual investors. Unsuspecting users download the malicious software. Once installed, GriffithRAT grants attackers extensive control. They can steal login credentials. They capture screen and webcam images. The malware records keystrokes. It also monitors all user activity.
Kaspersky warns the stolen data serves various nefarious purposes. Attackers use it for competitive business intelligence gathering. They can also track specific individuals. Valuable assets can also become targets. This highlights a broad potential for abuse. Kaspersky researchers have monitored GriffithRAT for over a year. They associate it with cyber-mercenary operations. These groups often contract with third parties. The third parties then conduct targeted attacks. Corporate espionage frequently motivates these attacks.
Technical analysis further supports this mercenary connection. Researchers found strong similarities between GriffithRAT and DarkMe. DarkMe is a known Remote Access Trojan (RAT). Mercenary-led cyber campaigns commonly use DarkMe. This link paints a concerning picture.
Maher Yamout is a Security Researcher at Kaspersky. He provided critical insights. “This discovery highlights increasing cyber threat complexity,” Yamout stated. “It also shows threat commercialization.” He emphasized GriffithRAT is not random hackers’ work. “It is part of regularly maintained malware,” Yamout continued. “Cyber-mercenaries usually rent it out.” Their goal is financial or strategic advantage. They achieve this by collecting sensitive information.
Yamout further explained the data’s value. “Collected data can offer visibility into large organizations’ inner workings.” He added, “It can provide an unethical competitive advantage.” Furthermore, attackers can sell the gathered information on the dark web. “This situation reminds us of today’s threat landscape,” Yamout concluded. “Cybercrime is increasingly professional, targeted, and persistent.”
To combat this threat, Kaspersky recommends several measures. Users must carefully scrutinize downloaded files. Check them with reputable cybersecurity software. Kaspersky Premium serves individual users. Kaspersky Next assists businesses. This software detects complex threats. It responds automatically. It manages security across devices, networks, and cloud systems.
Exercise greater caution when using social media. Instant messaging applications also pose risks. Hackers use these platforms for malware distribution, in addition to common phishing emails. Kaspersky also suggests using its Threat Intelligence service. This service helps users understand the threat actors behind malware. It combines diverse data sources and expert research. The portal provides actionable tactical, operational, and strategic intelligence. This helps users stay safe in a dynamic threat environment. Finally, raise security awareness regularly, among both individuals and employees. Promote safe practices, such as appropriate account protection. Vigilance remains the first line of defense.