GriffithRAT is typically disguised as files containing financial trend analysis or investment advice. These deceptive tactics target both organizations and individual traders who unknowingly download the malware.
Once downloaded, it enables attackers to steal login credentials, capture screenshots/webcam streams, log keystrokes, and monitor user activity. The stolen data can be exploited in a variety of ways, ranging from gathering competitive business intelligence to tracking individuals or valuable assets.
Cybersecurity researchers have been monitoring GriffithRAT for over a year and linking it to cyber mercenary operations, where threat actors are contracted by third parties to conduct targeted attacks, often driven by motives such as corporate espionage.
Kaspersky advises individuals to:
- Be attentive to the files you download; check them with reputable cybersecurity software.
- Be extra cautious when dealing with social media and instant messaging apps; hackers use these channels to deliver malware, in addition to the common phishing emails.
- Improve your and your employees’ security awareness on a regular basis and encourage safe practices, such as proper account protection.
- Always verify the authenticity of websites before entering any personal information. Stick to trusted, official pages when watching or downloading content, and double-check URLs and company name spellings to avoid phishing sites.
- Be cautious about the extensions of the files you download. Video files should not have .exe or .msi extensions.

