In the rapidly shifting world of cyber threats, Africa is becoming a primary battleground. According to Check Point Software Technologies (NASDAQ: CHKP), a global leader in AI-powered cybersecurity, eight African countries ranked among the Top 20 most targeted nations in its newly released Global Threat Index for June 2025.
The report reveals a troubling surge in sophisticated cyberattacks led by the resurgence of AsyncRAT, a remote access Trojan, and the continued global dominance of FakeUpdates malware, notorious for its stealth and versatility.
Qilin ransomware, a rapidly growing ransomware-as-a-service group, also continues to wreak havoc, especially within high-stakes industries like healthcare and education.
🌍 Africa in the Crosshairs: Vulnerability Deepens Across the Continent
Among 109 countries surveyed globally, Ethiopia emerged as the most targeted, while Nigeria held firm in 5th place with a Normalised Risk Index of 77.6%. Other African countries in the Top 20 included:
- Mauritius (7th, 72.3%)
- Mozambique (10th, 67.2%)
- Zimbabwe (11th, 66.4%)
- Uganda (12th, 65%)
- Angola (17th, 59.8%)
- Kenya (19th, 58.1%)
South Africa, while lower on the list at 51st (44.8%), saw a notable rise from its 47th place in May, indicating growing vulnerability.
“African organisations are facing increasingly advanced threats. Cybercriminals are exploiting trusted platforms like Discord and Google Play to infiltrate systems. The need for multi-layered, real-time cybersecurity has never been more urgent,” said Lionel Dartnall, Country Manager, SADC at Check Point Software.
🛠️ Top Malware Threats: AsyncRAT and FakeUpdates Dominate
- AsyncRAT: Surged into the top 3 global threats by exploiting Discord invite links to deliver malicious payloads. This malware gives hackers remote access to victims’ systems, allowing them to exfiltrate data, disable security processes, and spy on users.
- FakeUpdates: The most widespread malware worldwide for another month, FakeUpdates is linked to Evil Corp and uses drive-by downloads to install additional malware on infected systems.
“AsyncRAT’s new Discord-based campaign shows how cybercriminals adapt quickly to bypass trust barriers,” explained Lotem Finkelstein, Director of Threat Intelligence at Check Point. “Combined with FakeUpdates and Qilin’s targeted ransomware operations, organisations face a perfect storm.”
🔒 Top Ransomware Groups in June 2025
- Qilin (aka Agenda): Leading ransomware group, responsible for 17% of all attacks in June. Known for targeting large enterprises, particularly in healthcare and education, through phishing and data encryption.
- SafePay: Continues using double-extortion tactics, encrypting files while also stealing data for blackmail.
- Akira: Exploits vulnerabilities in VPN endpoints, especially in systems with outdated security infrastructure.
📱 Mobile Malware Alert: Banking Trojans on the Rise
- Anubis: Tops the list as the most dangerous mobile malware, bypassing multi-factor authentication (MFA) to steal banking credentials, often through apps disguised as legitimate tools on Google Play.
- AhMyth & Necro: These Android-based RATs compromise users’ devices, enabling attackers to monitor screens, log keystrokes, or hijack mobile data usage for crypto mining and botnet activity.
🏛️ Sectors Most Under Siege
- Education – Large, decentralized networks make schools and universities easy targets.
- Government – High-value data and public infrastructure put agencies in constant danger.
- Telecommunications – The lifeline of digital communication is being targeted for data and service disruption.
⚠️ Key Takeaways for African Organisations
- Cyberattacks are evolving, both in sophistication and delivery method.
- African countries remain top targets for malware and ransomware groups, with AsyncRAT and FakeUpdates leading the charge.
- There is an urgent need for proactive cybersecurity strategies, including real-time threat intelligence, endpoint protection, and employee education.
“The lines between malware, ransomware, and phishing are blurring,” Dartnall warns. “Organisations must adopt a zero-trust architecture and continuous threat monitoring to stay ahead.”