At its recent Cyber Security Weekend for the Middle East, Turkiye, and Africa (META) region, Kaspersky announced the discovery of GriffithRAT, a new, highly sophisticated piece of malware that’s been targeting fintech companies, online trading platforms, and betting operators around the world — with incidents reported in the UAE, Egypt, Turkiye, and South Africa.
Malware Delivered via Messaging Apps
GriffithRAT is being spread through popular communication platforms like Skype and Telegram, often disguised as files offering financial trend reports or investment advice. These deceptive files trick both individuals and organizations into downloading the malware. Once installed, GriffithRAT enables attackers to:
-
Steal login credentials
-
Record keystrokes
-
Capture screenshots and webcam footage
-
Monitor overall user activity
The information gathered can be misused in various ways — from corporate espionage and competitive intelligence gathering to personal surveillance and data resale on the dark web.
Linked to Cyber Mercenary Activity
Kaspersky researchers have been tracking GriffithRAT for over a year. Evidence suggests the malware is part of operations conducted by cyber mercenaries — threat actors who are hired by third parties to launch targeted attacks, often motivated by financial or strategic interests.
Technical similarities between GriffithRAT and DarkMe, another well-known remote access Trojan (RAT) associated with mercenary-led campaigns, further support this conclusion.
Expert Insight from Kaspersky
“This discovery underlines the increasing sophistication and commercialization of cyber threats,” said Maher Yamout, Lead Security Researcher at Kaspersky. “GriffithRAT is not just another random malware — it’s a well-maintained tool, part of a broader trend where cyber mercenaries are contracted to extract sensitive data for profit or strategic advantage.”
He added that the stolen data could provide deep insights into organizational operations, offer unethical competitive edges, or be traded on the dark web — emphasizing the urgent need for robust cybersecurity strategies.
Kaspersky’s Recommendations for Protection
To guard against threats like GriffithRAT, Kaspersky recommends the following:
-
Scrutinize downloads: Always verify downloaded files using trusted cybersecurity tools such as Kaspersky Premium for individuals or Kaspersky Next for enterprises, which offer advanced threat detection and centralized security management.
-
Exercise caution on messaging platforms: Be vigilant when interacting on social media or instant messaging services, as these are now common vectors for malware distribution, alongside phishing emails.
-
Leverage threat intelligence: Use platforms like Kaspersky Threat Intelligence to gain deep insights into malware behavior and the threat actors behind attacks. This provides tactical, operational, and strategic intelligence to strengthen defenses.
-
Raise cybersecurity awareness: Regularly train yourself and your employees on best practices, such as proper password hygiene and recognizing suspicious content, to build a security-first culture.
In today’s cyber landscape, where threats are increasingly targeted and professionally executed, staying informed and proactive is key to effective defense.
