FakeUpdates was the most prevalent malware globally in April 2025, according to the latest Global Threat Index published by Check Point Software Technologies Ltd.
The report revealed that FakeUpdates, a downloader malware first identified in 2018, affected six percent of organisations worldwide during the month. It was followed closely by Remcos and AgentTesla.
FakeUpdates is typically distributed through drive-by downloads on compromised or malicious websites, tricking users into installing a fake browser update. Linked to the Russian cybercriminal group Evil Corp, the malware is known for delivering various secondary payloads after the initial infection.
Read also; Nigeria climbs cyber threat index as attacks mount
“April’s data reveals a growing use of stealthy, multi-stage malware campaigns and a continued focus on sectors with lower defenses,” the report noted. “With FakeUpdates remaining the most prevalent threat and new ransomware actors like SatanLock emerging, organisations must prioritise proactive, layered security to stay ahead of evolving attacks.”
Lotem Finkelstein, director of Threat Intelligence at Check Point Software, added, “This latest campaign exemplifies the growing complexity of cyber threats. Attackers are layering encoded scripts, legitimate processes, and obscure execution chains to remain undetected.
“What we once considered low-tier malware is now weaponised in advanced operations. Organisations must adopt a prevention-first approach that integrates real-time threat intelligence, AI, and behavioural analytics.”
The report also revealed that eight African countries ranked among the top 20 most targeted globally by malware operators.
Ethiopia retained the number one spot out of 107 countries surveyed. Zimbabwe ranked third with a Normalised Risk Index of 85 percent, followed by Mozambique in ninth place with a 67 percent risk index.
Read also: NITDA warns Nigerians about malware stealing banking details
Angola and Nigeria were listed 11th and 12th, respectively, with Normalised Risk Indexes of 66 and 66.2 percent. Ghana, Kenya, and Uganda rounded out the list in 17th, 18th, and 19th places, respectively, with indexes of 62.9, 60.5, and 60.2 percent.
The report added that researchers uncovered a sophisticated multi-stage malware campaign delivering AgentTesla, Remcos, and Xloader (a FormBook evolution) in April.
It added, “The attack begins with phishing emails disguised as order confirmations and lures victims into opening a malicious 7-Zip archive.
“This archive contains a JScript Encoded (.JSE) file that launches a Base64-encoded PowerShell script, which executes a second-stage .NET or AutoIt-based executable. The final malware is injected into legitimate Windows processes such as RegAsm.exe or RegSvcs.exe, significantly increasing stealth and detection evasion.”
