Friday, February 6, 2026

ESET Threat Report: Deepfake scams and AI co-generated malware among key cyber risks for Kenya 

● ESET Research has released its H2 2025 Threat Report with statistics covering the period from June through November 2025.
● ESET experts note that Kenya continues to face a high exposure to socially engineered scams, including deepfake-enabled investment fraud and AI-generated malware.
● Global threat trends observed in H2 2025, including the emergence of AI-powered ransomware and the rapid evolution of scam techniques, provide important context for the risks facing Kenyan organisations.
● While ransomware activity continues to grow globally, ESET experts caution that ransomware incidents in Kenya are often under-reported, limiting public visibility into the true scale of the threat.

ESET Research has released its latest Threat Report summarising the threat trends observed in ESET telemetry and analysed by ESET threat detection and research experts in the second half of 2025. During regional briefings, ESET noted that socially engineered fraud remains a key risk in Kenya, particularly investment scams amplified through deepfake video and impersonation. 

ESET researchers have tracked the continued evolution of HTML-based scam campaigns, including the Nomani investment scam, which grew by 62% year-on-year globally. These campaigns are increasingly using high-quality deepfake video, AI-generated phishing sites and short-lived advertising campaigns to evade detection. As Allan Juma, Lead Cyber Security Engineer at ESET, noted, there has been a surge in deepfake video impersonations and fraudulent attacks within the region. 

“A recent, high-profile incident where a deepfake video was used to impersonate a prominent Kenyan political figure to promote a fraudulent investment scheme showcases how rapidly these scams spread across social media platforms and media outlets,” he says. “This incident illustrates how realistic deepfakes can accelerate the reach and impact of scams.” 


On the mobile platform front, NFC threats continued to grow in scale and sophistication globally, with an 87% increase in ESET telemetry and several notable upgrades and campaigns observed in H2 2025. NGate — a pioneer among NFC threats, first discovered by ESET — received an upgrade in the form of contact stealing, likely laying the groundwork for future attacks. RatOn, entirely new malware on the NFC fraud scene, brought a rare fusion of remote access trojan (RAT) capabilities and NFC relay attacks. RatOn was distributed through fake Google Play pages and ads mimicking an adult version of TikTok and a digital bank ID service. 


At the same time, global threat developments continue to impact Kenyan organisations. In H2 2025, ESET discovered PromptLock, the first known AI-driven ransomware capable of generating malicious scripts dynamically during execution. While AI-powered malware remains rare, ESET researchers caution that AI is increasingly being used to enhance phishing, scams and impersonation techniques, which underpin many of the fraud campaigns taking root in Kenya. 

Ransomware activity continues to grow globally, with ESET Research projecting a 40% year-on-year increase in publicly reported ransomware victims compared with 2024. Akira and Qilin now dominate the ransomware-as-a-service market, while low-profile newcomer Warlock introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators. Juma cautions that, in Kenya, ransomware incidents are often handled quietly, resulting in fewer public disclosures and making it difficult to quantify the full extent of ransomware activity in the country.

Kenya is also actively participating in efforts to counter cyber-enabled crime. The country took part in Operation Sentinel, a joint law-enforcement initiative coordinated by INTERPOL and AFRIPOL, which resulted in 574 arrests and the recovery of approximately USD 3 million linked to cyber-enabled crimes across participating countries.
