
Kaspersky Uncovers “GriffithRAT”: A Sophisticated Malware Targeting Fintech and Online Trading Platforms

Tuesday 27 May 2025 13:30
Kaspersky

Global cybersecurity firm Kaspersky has uncovered a newly identified and highly advanced malware campaign targeting the global fintech sector, including online trading platforms and Forex exchange services. Dubbed GriffithRAT, the malware has already compromised victims in countries such as the UAE, Egypt, Türkiye, and South Africa.

According to Kaspersky researchers, GriffithRAT is being distributed primarily through Skype and Telegram, often disguised as files offering financial trend analysis or investment advice. Once unsuspecting users download and execute these deceptive files, the malware silently activates, enabling attackers to steal login credentials, log keystrokes, capture screenshots and webcam streams, and monitor ongoing user activity.

Kaspersky’s analysis links GriffithRAT to the world of cyber mercenary operations, where threat actors are hired by third parties—often for corporate espionage or financial intelligence gathering. The malware bears significant technical resemblance to DarkMe, a known remote access trojan (RAT) frequently used in mercenary-led cyber campaigns.

Maher Yamout, Lead Security Researcher at Kaspersky, commented:
“This discovery highlights the growing sophistication and commercialization of cyberthreats. GriffithRAT is not the product of opportunistic hackers—it is a professionally maintained malware tool. It reflects a broader trend in which cyber mercenaries are contracted to collect sensitive business data for financial or strategic gain. The potential misuse of the harvested data—from gaining unethical business advantages to resale on the dark web—poses a serious threat to the fintech industry and beyond.”

Key Protective Recommendations by Kaspersky:

Exercise caution when downloading files, especially from social or messaging apps. Use trusted cybersecurity tools like Kaspersky Premium for individuals and Kaspersky Next for businesses.

Stay vigilant on messaging platforms such as Telegram and Skype, which are increasingly being used to deliver malware.

Leverage threat intelligence platforms like Kaspersky Threat Intelligence Portal to understand the actors, tactics, and motives behind advanced threats.

Promote cybersecurity awareness across organizations with regular training and reinforce best practices, such as multi-factor authentication and strong password management.