Breaking News
Kaspersky Detected a New Remote Access Trojan Targeting Financial Institutions Through Skype Messenger
Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered GodRAT — a new Remote Access Trojan distributed via malicious screensaver files disguised as financial documents and delivered through Skype messenger until March 2025, subsequently transitioning to other channels. SMBs in UAE, Hong Kong, Jordan and Lebanon were targeted throughout this campaign.
The threat actor deployed a newly identified Remote Access Trojan (RAT) named GodRAT, which was found in a client’s source code on a popular online scanner, where it was uploaded in July, 2024. The archive, titled GodRAT V3.5_______dll.rar, also includes the GodRAT builder, capable of generating both executable and DLL payloads. This builder allows attackers to disguise the malicious payload by selecting legitimate process names (e.g. svchost.exe, cmd.exe, wscript.exe) for code injection and saving the final file in various formats, including .exe, .com, .bat, .scr, and .pif.
To evade detection, the attackers used steganography to embed shellcode within image files depicting financial data. This shellcode downloads the GodRAT malware from a Command-and-Control (C2) server. The RAT then establishes a TCP connection to the C2 server using the port specified in its configuration blob. It collects operating system details, local hostname, malware process name and process ID, the user account associated with the malware process, installed antivirus software, and the presence of a capture driver.
GodRAT supports additional plugins, and once installed, the attackers utilized the FileManager plugin to explore the victim’s systems and deployed password stealers targeting Chrome and Microsoft Edge to extract credentials. In addition to GodRAT, they also employed AsyncRAT as a secondary implant to maintain prolonged access.
“GodRAT appears to be an evolution of AwesomePuppet, which was reported by Kaspersky in 2023 and is likely linked to the Winnti APT. Its distribution methods, rare command-line parameters, code similarities with Gh0st RAT, and shared artifacts — such as a distinctive fingerprint header — suggest a common origin. Despite being nearly two decades old, legacy implant codebases like Gh0st RAT continue to be actively used by threat actors, often customized and rebuilt to target a wide range of victims. The discovery of GodRAT demonstrates how such long-known tools can remain relevant in today’s cybersecurity landscape,” comments Saurabh Sharma, Security Researcher within Kaspersky’s Global Research and Analysis Team.
People In This Post
Companies In This Post
- Club Brugge KV Appoints Neo as its Official Foreign Currency Exchange Partner Read more
- Coda Completes Acquisition of Recharge, Expanding Global Reach in Digital Content Monetization and Distribution Read more
- Work In Fintech and payabl. Partner to Showcase AI at Third Work in Fintech Summit Read more
- Bitget’s Smarter Speed Challenge Brings MotoGP Online Read more
- Experian M&A Activity Report Shows ThinCats as Leading Alternative Finance Debt Provider Across the UK in First Half of 2025 Read more
Work In Fintech and payabl. Partner to Showcase AI at Third Work in Fintech Summit
Work in Fintech (‘WIF’), the social project dedicated to increasing diversity and social mobility for young people in fintech, today announces the return of payabl., one of Europe’s leading financial technology providers, as main sponsor of its third flagship event - The Work In Fintech AI Summit - taking place at Google’s Headquarters in London.
Kaspersky Detected a New Remote Access Trojan Targeting Financial Institutions Through Skype Messenger
Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered GodRAT — a new Remote Access Trojan distributed via malicious screensaver files disguised as financial documents and delivered through Skype messenger until March 2025, subsequently transitioning to other channels. SMBs in UAE, Hong Kong, Jordan and Lebanon were targeted throughout this campaign.
AI-Native Loan Origination Platform Casca Raises $29 Million to Replace Legacy Lending
Casca, the first AI-native loan origination platform, today announced it raised $29 million in its Series A, bringing its total in funding to-date to $33 million.
Oh Crumbs! Zopa Bank Drives 10,240 Biscuits Through Central London to Show the Real Value of Switching as Santander Closes Its 123 Lite Account
Zopa created an eye-catching stunt for passers-by: 10,240 biscuits stacked in a huge box in central London
Fig Chooses Flagright for Real-Time Transaction Monitoring and AML Compliance
Flagright has welcomed Fig as its newest customer and will utilize real-time transaction monitoring, AML screening as it scales across Canada.
N26 Founder Valentin Stalf to Move to Digital Bank’s Supervisory Board
N26 announced changes to its leadership team, Valentin Stalf will step away from his operational responsibility
Unity Trust Bank Reports Record Level of Lending in UK’s Most Deprived Areas
Unity Trust Bank, the award-winning UK social impact bank, has continued to deliver positive impact where it matters with its half-year results showing a record level of lending going into areas of high deprivation.
Club Brugge KV Appoints Neo as its Official Foreign Currency Exchange Partner
Club Brugge KV has announced a new five-year partnership with Neo as its Official Foreign Currency Exchange Partner
Coda Completes Acquisition of Recharge, Expanding Global Reach in Digital Content Monetization and Distribution
Coda, a global leader in digital content monetization headquartered in Singapore, has completed its acquisition of Recharge, Europe’s leading prepaid payments platform, headquartered in Amsterdam. This follows Coda’s announcement last month on the signing of a definitive agreement to acquire Recharge.
Work In Fintech and payabl. Partner to Showcase AI at Third Work in Fintech Summit
Work in Fintech (‘WIF’), the social project dedicated to increasing diversity and social mobility for young people in fintech, today announces the return of payabl., one of Europe’s leading financial technology providers, as main sponsor of its third flagship event - The Work In Fintech AI Summit - taking place at Google’s Headquarters in London.
Bitget’s Smarter Speed Challenge Brings MotoGP Online
Bitget, the world’s leading cryptocurrency exchange and Web3 company, is revving up for the second half of the MotoGP season with the official launch of the Smarter Speed Challenge, an online racing mini-game built to bring an adrenaline rush to the fingertips of both Web2 and Web3 users. Flagging off on August 18, this campaign blends online gameplay with real-world perks. Users can climb live online leaderboards for their chance at a share of 66,000 USDT, a paid trip to meet five-time world champion Jorge Lorenzo and exclusive 2026 MotoGP VIP Passes.
Experian M&A Activity Report Shows ThinCats as Leading Alternative Finance Debt Provider Across the UK in First Half of 2025
Today, Experian has published its latest MarketIQ report, detailing M&A activity across the UK and Ireland for the first half of 2025. ThinCats has ranked as the top alternative finance provider of debt funding across the UK, for deal volume.
HTX Ventures’ Comprehensive Analysis of Tokenized Stocks: Three Main Models, Key Players, and the Global Market Race
HTX Ventures, the global investment arm of HTX, has released its latest research report “Are Tokenized Stocks a Treat or a Trap? A Complete Guide”. The report examines the driving forces, mainstream models, and possible evolution paths of tokenized stocks, and explores how they may merge with traditional capital markets.
The UK’s Payments Revolution Can’t Ignore the Fraud Crisis
“The UK’s Payments Vision Delivery Committee (PVDC) has left fintechs and other companies in the transaction processing industry on the edge of their seat as they recently teased that not only would their official strategy for a “world-leading payments ecosystem” be made public this autumn, but that their Payments Forward Plan would be published by the end of the year. These initiatives, set forth under the sight of the National Payment Vision, will lay the blueprint for a true overhaul of the U.K. payments ecosystem that will champion “innovation, competition and security.”