ESET Research has released its latest Threat Report summarising the threat trends observed in ESET telemetry and analysed by ESET threat detection and research experts in the second half of 2025. During regional briefings, ESET noted that socially engineered fraud remains a key risk in Kenya, particularly investment scams amplified through deepfake video and impersonation.
ESET researchers have tracked the continued evolution of HTML-based scam campaigns, including the Nomani investment scam, which grew by 62% year-on-year globally. These campaigns increasingly use high-quality deepfake videos, AI-generated phishing sites, and short-lived advertising campaigns to evade detection. As Allan Juma, Lead Cyber Security Engineer at ESET, noted, there has been a surge in deepfake video impersonations and fraudulent attacks within the region.
“A recent, high-profile incident where a deepfake video was used to impersonate a prominent Kenyan political figure to promote a fraudulent investment scheme showcases how rapidly these scams spread across social media platforms and media outlets,” he says. “This incident illustrates how realistic deepfakes can accelerate the reach and impact of scams.”


On the mobile platform front, NFC threats continued to grow in scale and sophistication globally, with ESET telemetry up 87% and several notable upgrades and campaigns observed in H2 2025. NGate — a pioneer among NFC threats, first discovered by ESET — received an upgrade: contact stealing, likely laying the groundwork for future attacks. RatOn, a new malware on the NFC fraud scene, combines remote access trojan (RAT) capabilities with NFC relay attacks. RatOn was distributed through fake Google Play pages and ads mimicking an adult version of TikTok and a digital bank ID service.
At the same time, developments in global threats continue to affect Kenyan organisations. In H2 2025, ESET discovered PromptLock, the first known AI-driven ransomware capable of generating malicious scripts dynamically during execution. While AI-powered malware remains rare, ESET researchers caution that AI is increasingly being used to enhance phishing, scams, and impersonation techniques that underpin many of the fraud campaigns taking root in Kenya.
Ransomware activity continues to grow globally, with ESET Research projecting a 40% year-on-year increase in publicly reported ransomware victims compared with 2024. Akira and Qilin now dominate the ransomware-as-a-service market, while a low-profile newcomer, Warlock, introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators. Juma cautions that, in Kenya, ransomware incidents are often handled quietly, resulting in fewer public disclosures and making it difficult to quantify the full extent of ransomware activity in the country.
Kenya is also actively participating in efforts to counter cyber-enabled crime. The country took part in Operation Sentinel, a joint law-enforcement initiative coordinated by INTERPOL and AFRIPOL, which resulted in 574 arrests and the recovery of approximately USD 3 million linked to cyber-enabled crimes across participating countries.




