Deepfake Scams and AI-Generated Malware Emerge as Major Cyber Risks for Kenya —ESET
Cybersecurity risks facing Kenyan organizations are intensifying, driven by the rapid rise of deepfake-enabled scams, AI-assisted fraud and increasingly sophisticated malware, according to ESET’s H2 2025 Threat Report.
Released by ESET Research, the report analyses threat trends observed in ESET telemetry between June and November 2025.
It highlights Kenya’s continued exposure to socially engineered cybercrime, particularly investment scams amplified through deepfake video impersonation and AI-generated phishing infrastructure.
During regional briefings, ESET researchers warned that fraud — rather than traditional malware — remains one of the most significant cyber risks in Kenya.
Investment scams, often distributed through social media and online advertising, are becoming more convincing and harder to detect as criminals adopt artificial intelligence tools.

ESET has tracked the rapid growth of HTML-based scam campaigns globally, including the Nomani investment scam, which increased by 62 percent year-on-year.
These campaigns increasingly rely on high-quality deepfake videos, AI-generated websites and short-lived advertising campaigns designed to evade security controls.
According to Allan Juma, Lead Cyber Security Engineer at ESET, the region has seen a sharp rise in deepfake video impersonations used to promote fraudulent schemes.

“A recent high-profile incident where a deepfake video impersonated a prominent Kenyan political figure to promote a fake investment opportunity shows how fast these scams can spread across social media and mainstream media channels,” Juma said.
“The realism of deepfakes significantly accelerates both the reach and impact of fraud.”

Mobile and NFC Threats on the Rise
Beyond scams, ESET’s report also highlights growing risks on mobile platforms. NFC-based threats recorded an 87 percent increase globally in H2 2025, reflecting both greater scale and technical sophistication.
NGate — an NFC threat first discovered by ESET — received a major upgrade, adding contact-stealing capabilities that researchers believe could support future attack campaigns.
Meanwhile, a newly identified threat dubbed RatOn introduced a rare combination of remote access trojan (RAT) functionality and NFC relay attacks.
RatOn was distributed through fake Google Play pages and online advertisements impersonating an adult version of TikTok and a digital banking ID service, demonstrating how attackers continue to exploit trusted platforms to reach victims.

AI-Powered Ransomware and Under-Reporting Concerns
At the global level, ESET researchers also identified PromptLock, the first known AI-driven ransomware capable of dynamically generating malicious scripts during execution.
While AI-powered malware remains relatively rare, researchers warn that AI is increasingly being used to enhance phishing, impersonation and fraud techniques — many of which are already prevalent in Kenya.
Ransomware activity continues to grow worldwide, with ESET projecting a 40 percent year-on-year increase in publicly reported ransomware victims compared with 2024.
Akira and Qilin now dominate the ransomware-as-a-service ecosystem, while newer groups such as Warlock are introducing advanced evasion techniques.
However, ESET cautions that ransomware activity in Kenya is likely under-reported.
“Many ransomware incidents in Kenya are handled quietly, without public disclosure,” Juma noted. “This makes it difficult to assess the true scale of the problem and limits awareness across the wider business community.”
Kenya is also playing a role in regional efforts to combat cyber-enabled crime. The country participated in Operation Sentinel, a joint initiative coordinated by INTERPOL and AFRIPOL, which resulted in 574 arrests and the recovery of approximately USD 3 million linked to cybercrime across participating countries.
As cybercriminals increasingly adopt artificial intelligence and social engineering techniques, ESET researchers warn that organisations in Kenya must strengthen cybersecurity awareness, detection capabilities and incident reporting to keep pace with a rapidly evolving threat landscape.
