
As Africa continues to combat cyber threats, FakeUpdates remained the most common threat last month, with eight African countries ranking among the top 20 most targeted by malware operators.
This is according to Check Point Software Technologies' Global Threat Index for April 2025. According to the findings, FakeUpdates affected 6% of businesses globally, with Remcos and AgentTesla following closely behind.
Ethiopia remained the most targeted country on the continent, out of the 107 countries included in the Check Point survey.
Zimbabwe is the third most targeted country, with a normalised risk index of 85%, followed by Mozambique, which ranks ninth with a normalised risk index of 67%.
Angola and Nigeria rank 11th and 12th, respectively, with normalised risk indices of 66% and 66.2%. Ghana, Kenya, and Uganda ranked 17th, 18th, and 19th, respectively, with normalised risk indices of 62.9%, 60.5%, and 60.2%.
According to Check Point, there was a multi-stage malware campaign in April that delivered AgentTesla, Remcos, and Xloader (a FormBook evolution).
The attack begins with phishing emails disguised as order confirmations, which lead victims to open a malicious 7-Zip archive.
The archive contains a JScript Encoded (.JSE) file that launches a Base64-encoded PowerShell script, which then executes a second-stage .NET or AutoIt-based executable.
The final payload is injected into legitimate Windows processes such as RegAsm.exe or RegSvcs.exe, which dramatically improves stealth and detection resistance.
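The stages described above leave a recognisable trail in process-creation telemetry. The following Python code is an added example, not taken from Check Point or the original article; it flags three of those stages over constructed events. The field names, the sample events, and the heuristic that an injected RegAsm.exe or RegSvcs.exe starts without arguments are assumptions.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
INJECT_HOSTS = {"regasm.exe", "regsvcs.exe"}
# -EncodedCommand or an abbreviation (-e, -ec, -enc, ...) followed by a Base64 blob
ENCODED_PS = re.compile(r"\s-(?:e|ec|en\w*)\s+[A-Za-z0-9+/=]{20,}", re.I)
NO_ARGS = re.compile(r'^\s*(?:"[^"]+"|\S+)\s*$')  # command line is the image path only

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... image names; stop on an unknown PID or a loop."""
    seen = set()
    while event["ppid"] in by_pid and event["ppid"] not in seen:
        seen.add(event["ppid"])
        event = by_pid[event["ppid"]]
        yield base(event["image"])

def detect_chain(events):
    """Return (pid, rule) findings for events carrying pid, ppid, image, cmdline."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        img, cmd = base(e["image"]), e["cmdline"]
        lineage = list(ancestors(e, by_pid))
        parent = lineage[0] if lineage else ""
        if img in SCRIPT_HOSTS and re.search(r"\.jse\b", cmd, re.I):
            findings.append((e["pid"], "script host executing .jse"))
        if img in POWERSHELL and parent in SCRIPT_HOSTS and ENCODED_PS.search(cmd):
            findings.append((e["pid"], "encoded PowerShell from script host"))
        if img in INJECT_HOSTS and NO_ARGS.match(cmd) and (SCRIPT_HOSTS | POWERSHELL) & set(lineage):
            findings.append((e["pid"], "argument-less RegAsm/RegSvcs under script lineage"))
    return findings

REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
SAMPLE = [  # constructed events; the Base64 blob decodes to repeated "ABC"
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\7-Zip\7zFM.exe", "cmdline": r"7zFM.exe C:\Users\u\Downloads\order.7z"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe", "cmdline": r'wscript.exe "C:\Users\u\AppData\Local\Temp\7zO1\order.jse"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe -w hidden -enc " + "QQBCAEMA" * 4},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\u\AppData\Local\Temp\stage2.exe", "cmdline": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"pid": 500, "ppid": 400, "image": REGASM, "cmdline": '"' + REGASM + '"'},
    {"pid": 600, "ppid": 1, "image": REGASM, "cmdline": r"RegAsm.exe C:\build\MyLib.dll /codebase"},  # benign use
]
if __name__ == "__main__":
    for finding in detect_chain(SAMPLE):
        print(finding)
```

The benign registration at PID 600 is not flagged, because it carries an assembly argument and has no script-host ancestry.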
Commenting on the findings, Lotem Finkelstein, director of Threat Intelligence at Check Point Software said: “This latest campaign exemplifies the growing complexity of cyber threats. Attackers are layering encoded scripts, legitimate processes, and obscure execution chains to remain undetected.
“What we once considered low-tier malware is now weaponised in advanced operations. Organisations must adopt a prevention-first approach that integrates real-time threat intelligence, artificial intelligence, and behavioral analytics.”
Additionally, education, government, and telecommunications are the most attacked sectors globally.
“For the third straight month, the education sector was the most targeted industry, due to its broad user base and typically weaker cyber security. Government and telecom followed, reflecting continued focus on critical infrastructure and public services, especially in high-risk or rapidly digitising regions,” said Check Point.