A Sophisticated Malware Targeting Fintech and Online Trading Platforms Uncovered

Cybersecurity firm Kaspersky has discovered a new and highly sophisticated malware used in campaigns targeting fintech companies and online trading platforms worldwide, including in the UAE, Egypt, Turkiye and South Africa.
Distributed via Skype and Telegram channels, the malware, known as GriffithRAT, is typically disguised as files containing financial trend analysis or investment advice. These deceptive tactics target both organisations and individual traders who unknowingly download the malware.
Once downloaded, it enables attackers to steal login credentials, capture screenshots and webcam streams, log keystrokes, and monitor user activity. The stolen data can be exploited in a variety of ways, ranging from gathering competitive business intelligence to tracking individuals or valuable assets – highlighting the broad potential for misuse.
Kaspersky researchers say they have been monitoring GriffithRAT for over a year and link it to cyber mercenary operations, where threat actors are contracted by third parties to conduct targeted attacks, often driven by motives such as corporate espionage.
“This discovery highlights the growing sophistication and commercialisation of cyberthreats,” said Maher Yamout, Lead Security Researcher at Kaspersky. “GriffithRAT is not the work of random hackers; it is a maintained piece of malware and part of a broader trend where cyber mercenaries are hired to collect sensitive information, often for financial or strategic advantage.”
In a world where a staggering 5.6 billion cyber incidents were reported in 2024, up from just 731 million the previous year, and an astounding 176 accounts were breached every second, the importance of robust cybersecurity for online platforms has never been clearer. This reality has pushed fintechs and brokers to harden their defenses and reassure clients in volatile financial markets.
These players have taken a comprehensive approach to platform security, starting with fundamental protections such as SSL encryption, segregated client accounts, and stringent KYC/AML protocols that help protect both funds and identities.
They have gone further by deploying a Web Application Firewall and DDoS defenses to shield their infrastructure from cyber threats and network disruptions. Some, like Exness, have even embraced a “Zero Trust” security framework, an approach that treats no IT component as inherently trustworthy, and host an external bug bounty program to proactively uncover vulnerabilities.
To stay protected, fintechs and online trading platforms need to be especially cautious with social media and instant messaging apps, since attackers use these channels to deliver malware in addition to the more familiar phishing emails.
“With the latest cybersecurity threats which focus specifically on the fintech industry, we are taking extra precautions to ensure the safety of our clients’ data and funds. To strengthen our defenses against even the most sophisticated attacks, we deploy a multiprong solution. At the infrastructure level, we use a Web Application Firewall and DDoS defenses. At the user level, we use time-tested and effective SSL encryption, segregated client accounts, and strict KYC/AML protocols to effectively eliminate the threat of identity theft,” says Terence Hove, Senior Financial Markets Strategist at Exness, about the latest cybersecurity threats targeting specifically online trading platforms and fintech firms.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent.