In a major cybersecurity alert, global security firm Kaspersky has uncovered a dangerous new malware strain called GriffithRAT, posing a serious threat to the fintech sector. This Remote Access Trojan (RAT) is actively being used in targeted attacks against fintech companies, online trading platforms, and betting services.
Countries affected so far include the UAE, Egypt, Türkiye, and South Africa, regions known for their growing digital economies and financial markets.
GriffithRAT is transmitted covertly via messaging platforms such as Telegram and Skype. The documents that victims receive are often disguised as financial reports or investment recommendations, and they appear to be harmless. When opened, these files stealthily install the malware on the system, granting hackers complete remote access to sensitive data.
What makes GriffithRAT especially dangerous is its wide range of capabilities. It can:
Steal login credentials and authentication tokens
Record keystrokes, capturing sensitive information like passwords
Take screenshots and even activate webcams
Monitor all user activity silently
With such features, the malware can be used for identity theft, corporate espionage and asset tracking.
Kaspersky’s investigation shows strong similarities between GriffithRAT and the malware used in earlier attacks linked to DarkMe, a known cyber mercenary group. These similarities suggest GriffithRAT may be the work of professional threat actors hired by third parties, likely for data theft, surveillance, or commercial sabotage.
As GriffithRAT continues to spread, experts are urging businesses and individuals in the financial space to heighten their cybersecurity defenses. Key recommendations include:
GriffithRAT is a wake-up call for the global fintech industry. As financial services continue to go digital, robust security measures are no longer optional. The emergence of this malware highlights the increasing sophistication of cyber threats targeting the most critical sectors of our economy.