This is according to Check Point Software Technologies’ Global Threat Index for April 2025. According to the results, FakeUpdates affected 6% of companies worldwide, with Remcos and AgentTesla following closely behind.
Ethiopia remained the most targeted country on the continent, out of the 107 countries included in Check Point’s survey. Zimbabwe was the third most targeted country, with a standardised risk score of 85%, followed by Mozambique, which ranked ninth, with a standardised risk score of 67%.
Angola and Nigeria rank 11th and 12th, respectively, with normalized risk ratios of 66% and 66.2%. Ghana, Kenya and Uganda rank 17th, 18th and 19th, respectively, with normalized risk ratios of 62.9%, 60.5% and 60.2%.
According to Check Point, there was a multi-phase malware campaign in April that distributed AgentTesla, Remcos, and Xloader (an evolution of FormBook).
The attack begins with phishing emails disguised as order confirmations, which trick victims into opening a malicious 7-Zip archive. The archive contains a JScript Encoded (.JSE) file that launches a Base64-encoded PowerShell script, which then executes a .NET or AutoIt-based second-stage executable.
The final payload is injected into legitimate Windows processes such as RegAsm.exe or RegSvcs.exe, which dramatically improves stealth and resistance to detection.
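The chain described above leaves a recognisable parent/child pattern in process-creation telemetry. The following detection sketch is an added example, not Check Point's code: it assumes the .JSE file runs under wscript.exe or cscript.exe and that the Base64 script is passed through PowerShell's -EncodedCommand parameter, and the event records are constructed.

```python
import base64
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # assumed .JSE launchers
INJECTION_HOSTS = {"regasm.exe", "regsvcs.exe"}    # processes named in the article
ENC_ARG = re.compile(r"[-/](e\w*)\s+([A-Za-z0-9+/=]{8,})", re.I)

def decode_encoded_command(cmdline):
    """Decode -EncodedCommand (also -ec or any prefix, e.g. -e/-enc); None if absent/invalid."""
    for flag, blob in ENC_ARG.findall(cmdline):
        flag = flag.lower()
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:
                continue
    return None

def image_name(ev):
    return ev["image"].rsplit("\\", 1)[-1].lower()

def detect_chain(events):
    """Return sorted (pid, finding) pairs for the stages the article describes."""
    by_pid = {e["pid"]: e for e in events}
    findings = set()
    for ev in events:
        parent = by_pid.get(ev["ppid"])
        if image_name(ev) in SCRIPT_HOSTS and ".jse" in ev["cmdline"].lower():
            findings.add((ev["pid"], "jse_via_script_host"))
        if (image_name(ev) == "powershell.exe" and parent and image_name(parent) in SCRIPT_HOSTS
                and decode_encoded_command(ev["cmdline"]) is not None):
            findings.add((ev["pid"], "encoded_powershell_from_script_host"))
        seen, anc = set(), parent
        while image_name(ev) in INJECTION_HOSTS and anc and anc["pid"] not in seen:
            seen.add(anc["pid"])          # guard against PID-reuse loops
            if image_name(anc) in SCRIPT_HOSTS:
                findings.add((ev["pid"], "dotnet_utility_under_script_chain"))
                break
            anc = by_pid.get(anc["ppid"])
    return sorted(findings)

_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [  # constructed process-creation records, not real telemetry
    dict(pid=200, ppid=100, image=r"C:\Windows\System32\wscript.exe", cmdline=r'wscript.exe "C:\Temp\7zO1\order.jse"'),
    dict(pid=300, ppid=200, image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         cmdline="powershell.exe -NoP -ExecutionPolicy Bypass -enc " + _B64),
    dict(pid=400, ppid=300, image=r"C:\Temp\stage2.exe", cmdline="stage2.exe"),
    dict(pid=500, ppid=400, image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", cmdline="RegAsm.exe"),
    dict(pid=600, ppid=100, image=r"C:\Windows\System32\msiexec.exe", cmdline="msiexec.exe /i app.msi"),
    dict(pid=700, ppid=600, image=r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", cmdline="RegSvcs.exe app.dll")]
```

The RegSvcs.exe instance started by msiexec.exe is not flagged, because the rule keys on ancestry rather than on the utility's name alone.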
Check Point Software’s Director of Threat Intelligence, Lotem Finkelstein, said this latest campaign exemplifies the growing complexity of cyber threats. Attackers are layering hard-coded scripts, legitimate processes and obfuscated execution chains to evade detection.
“What we once considered low-level malware is now weaponized in advanced operations. Organizations must adopt a prevention-first approach that integrates real-time threat intelligence, artificial intelligence and behavioral analytics.”
Furthermore, education, public administration and telecommunications are the most attacked sectors worldwide.
“For the third consecutive month, the education sector was the most targeted industry, due to its broad user base and typically weaker cybersecurity. Government and telecommunications followed, reflecting the continued focus on critical infrastructure and public services, especially in high-risk or rapidly digitalized regions,” Check Point said.