Infosec researchers have determined that Grind3lwald is a fully-functional Remote Access Trojan (RAT) that can be customized to perform numerous intrusive and threatening actions on compromised computers. Despite having an official website where its authors claim that Grind3lwald is not intended for use in illegal activities, the RAT is also being promoted on dedicated hacker forums. In fact, Grind3lwald's developers offer several different price plans, depending on the desired functionality of the threat. Apparently, the RAT can also be instructed to act as a loader, keylogger or stealer.
Typically, loaders are initial-stage threats responsible for delivering next-stage payloads. This means that besides its remote access capabilities, Grind3lwald could also be used to deploy other threats to the victim's device, such as ransomware, crypto-miners, other trojans and more. Keyloggers, on the other hand, are stealthy implants designed to spy on the victim and obtain sensitive private data by recording each keyboard or mouse input. Finally, by including stealer functions, Grind3lwald could attempt to extract private data from Web browsers or other installed applications. Usually, the attackers aim to obtain account credentials (emails, usernames and passwords), as well as payment/banking information.
An additional feature offered by Grind3lwald is the ability to abuse macros in Excel documents. Cybercriminals often employ malicious macros in their attack campaigns as the initial compromise vector for targeted computers. These macros are embedded in a weaponized bait document and are executed the moment the victim opens the file and enables its content. In most cases, such documents are disseminated via spam email campaigns.
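Because macro-enabled Excel attachments are the delivery vehicle described above, a mail gateway or triage script can flag them before a user ever sees the "Enable Content" prompt. The following Python scanner is an added example written for this article; it is not code from Grind3lwald's authors or from any security vendor. It relies on the fact that OOXML workbooks (.xlsx/.xlsm) are ZIP containers in which a VBA project is stored as the part `xl/vbaProject.bin` and declared in `[Content_Types].xml`. The sample attachments are constructed in the script itself (minimal containers that mimic only the parts the scanner inspects, not real workbooks), and the file names, the `MacroScanResult` type and the `scan_excel_attachment` function are this example's own inventions.

```python
import io
import zipfile
from dataclasses import dataclass

VBA_PART = "vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


@dataclass
class MacroScanResult:
    filename: str
    is_ooxml: bool            # True when the bytes are a ZIP (OOXML) container
    has_vba: bool             # True when a VBA project part or content type is present
    extension_mismatch: bool  # True when a .xlsx name hides a macro-enabled workbook


def scan_excel_attachment(filename: str, data: bytes) -> MacroScanResult:
    """Inspect an Excel attachment for an embedded VBA project.

    Legacy .xls (OLE2) files are not parsed here and are reported as
    non-OOXML so they can be routed to a separate check.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return MacroScanResult(filename, False, False, False)

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Part-name check: the VBA project lives at xl/vbaProject.bin.
        has_part = any(n.lower().endswith(VBA_PART.lower()) for n in names)
        # Content-type check: a macro-enabled package declares the VBA part here.
        has_ct = False
        if "[Content_Types].xml" in names:
            ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            has_ct = MACRO_CONTENT_TYPE in ct_xml

    has_vba = has_part or has_ct
    # Macro-enabled workbooks should carry the .xlsm extension; a .xlsx that
    # contains a VBA project has been renamed and deserves extra scrutiny.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    mismatch = has_vba and ext == "xlsx"
    return MacroScanResult(filename, True, has_vba, mismatch)


def _build_workbook(with_vba: bool) -> bytes:
    """Constructed sample: a minimal OOXML-like container for demonstration.

    Excel would not open it; it only reproduces the parts the scanner reads.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        ct = ('<?xml version="1.0" encoding="UTF-8"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              '<Default Extension="xml" ContentType="application/xml"/>')
        if with_vba:
            ct += f'<Override PartName="/xl/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
        ct += "</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            # Placeholder bytes standing in for the real OLE2 VBA project stream.
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


# Constructed sample attachments (file names and contents invented for this example).
SAMPLE_ATTACHMENTS = {
    "invoice.xlsx": _build_workbook(with_vba=False),
    "invoice.xlsm": _build_workbook(with_vba=True),
    "invoice_final.xlsx": _build_workbook(with_vba=True),   # macro workbook renamed to .xlsx
    "old_report.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16,  # OLE2 magic only
}


def scan_all(attachments: dict) -> dict:
    """Scan every attachment and return results keyed by file name."""
    return {name: scan_excel_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, result in scan_all(SAMPLE_ATTACHMENTS).items():
        if not result.is_ooxml:
            verdict = "not an OOXML container (legacy format, needs separate check)"
        elif result.has_vba:
            verdict = "VBA project present"
        else:
            verdict = "no VBA project"
        flag = " [extension mismatch]" if result.extension_mismatch else ""
        print(f"{name}: {verdict}{flag}")
```

Both checks are kept because either one alone can be defeated by a hand-edited package: a container may omit the content-type override, or may carry the override while placing the VBA stream under a different part name. Legacy binary `.xls` files need an OLE2 parser (for example, the `oletools` project) and are deliberately only flagged for separate handling here.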