The first quarter of 2025 has revealed a cyber threat landscape that's less about quantity and far more about quality and danger. While global data shows a drop in the sheer number of attacks, this doesn't signal a reprieve. Instead, threat actors are evolving, favouring precision, deception, and financial gain over indiscriminate volume. Cybercriminals are adapting fast to new technologies, platforms, and user habits, launching more sophisticated, targeted campaigns that challenge even the most vigilant defenders. In regions like Africa, where cyber risks are rising rapidly, trusted cybersecurity solutions like Avast and AVG play a crucial role in delivering advanced protection tailored to local needs.
The global cyber risk index hovered at a steady 24.53% in Q1 2025, continuing the high-risk environment seen since late 2024. While fewer attacks were reported overall, this dip is deceptive. Cybercriminals are focusing their efforts on fewer but far more complex and targeted intrusions. This shift is driven largely by the expanding use of artificial intelligence (AI), deepfakes, and social engineering that exploit trust and platform vulnerabilities.
One of the most striking developments in Q1 came from the financial crime sector, where attackers have raised the stakes with innovative scams. The CryptoCore group launched an elaborate campaign centred on deepfake videos, hijacked YouTube accounts, and cloned websites that mimicked legitimate crypto giveaways tied to President Trump's 2025 inauguration. This high-tech scam reportedly netted around $3.8 million across more than 2,200 transactions.
Mobile banking threats also surged. The Crocodilus trojan emerged as a particularly nasty strain, abusing accessibility features on smartphones to stealthily steal crypto credentials. This threat was especially prevalent in Spain and Turkey. Meanwhile, LifeLock's monitoring service recorded a notable increase in fraud alerts, confirming the growing financial risk consumers face.
Data breaches exploded in volume and severity this quarter, with breach events rising over 36% and compromised personal records soaring by an astonishing 186%. This jump signals that threat actors are not only increasing access but also harvesting far larger data caches.
One key culprit was the Lumma Stealer, a sophisticated infostealer tool that targeted credentials, crypto wallets, and two-factor authentication tokens. After rapid proliferation, Lumma was taken down in a coordinated Europol and Microsoft operation, underscoring how global partnerships are crucial in combatting cybercrime.
Phishing attacks also escalated, with criminals exploiting low-code platforms like Weebly and Wix to host deceptive login pages. These pages are harder to detect because they reside on trusted domains, making phishing emails more convincing and bypassing traditional email filters. Major phishing campaigns targeted telecom and streaming customers in the U.S. and Australia, exposing how easily these tactics can be localized and scaled.
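The following is an added example, not part of the original article, showing one way a mail gateway or SOC triage script could handle the problem described above: because the parent domain is trusted, the check looks at the tenant-controlled part of the URL (subdomain and path) instead. The hosting suffixes, brand names, lure terms and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: free-tier hosting suffixes for the two builders the article names.
BUILDER_SUFFIXES = ("weebly.com", "wixsite.com")
# Constructed watch lists; replace with the brands and lure words you care about.
WATCHED_BRANDS = ("exampletel", "streamco")
LURE_TERMS = ("login", "signin", "verify", "billing", "account", "update")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def tenant_text(url):
    """Return (builder_suffix, tenant_text) for a builder-hosted URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for suffix in BUILDER_SUFFIXES:
        if host.endswith("." + suffix):
            # Tenant-controlled text: the subdomain label(s) plus the path.
            return suffix, (host[: -len(suffix) - 1] + parts.path).lower()
    return None

def assess(url):
    """Return reasons the URL deserves review; an empty list means no finding."""
    hit = tenant_text(url)
    if hit is None:
        return []
    suffix, tenant = hit
    # Drop separators so "example-tel" and "example_tel" both match "exampletel".
    squashed = re.sub(r"[^a-z0-9]", "", tenant)
    reasons = [f"brand:{b}" for b in WATCHED_BRANDS if b in squashed]
    reasons += [f"lure:{t}" for t in LURE_TERMS if t in squashed]
    return [f"builder:{suffix}"] + reasons if reasons else []

def flag_urls(text):
    """Extract URLs from a message body; return {url: reasons} for flagged ones."""
    urls = (u.rstrip(".,;") for u in URL_RE.findall(text))
    return {u: r for u in urls if (r := assess(u))}

# Constructed sample message body (not taken from any real campaign).
SAMPLE = """Your ExampleTel bill is overdue. Pay here:
https://example-tel-billing.weebly.com/ and keep your service.
Our bakery site: https://sunrise-bakery.weebly.com/menu
Stream again: https://user123.wixsite.com/streamco-signin.
Docs: https://www.wix.com/about"""

if __name__ == "__main__":
    for url, why in flag_urls(SAMPLE).items():
        print(url, why)
```

A hit is a reason to review the message, not a verdict: ordinary sites on the same builders pass untouched, and the substring matching is deliberately loose, so expect to tune the lists.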
Ransomware remained a significant threat. The Magniber ransomware strain continued to dominate attacks, responsible for about 67% of cases and impacting over 100,000 users worldwide. However, the most notable newcomer was FunkSec, a ransomware strain reportedly crafted with AI-generated code.
This development could signal a new era where AI lowers the technical barrier for cybercriminals, enabling faster creation and deployment of malicious software. Interestingly, despite continued attacks, ransom payments declined 35% year-over-year in 2024, reflecting growing resistance from victims and successful law enforcement efforts targeting crypto infrastructure.
Scam-yourself attacks, where victims are tricked into infecting their own devices, expanded significantly. FakeCaptcha scams, once mainly a Windows problem, are now infecting macOS users too, delivering infostealers like AMOS stealthily.
Fake browser update scams targeting European users increased an eye-popping 17-fold this quarter. These scams lure users into downloading malware disguised as routine browser patches.
More than 4 million users were protected from these scams in Q1 alone, but the threat remains formidable. These attacks often revive older malware strains like Wincir RAT, relying on social engineering tactics to get users to execute malicious installers manually.
Social platforms remain fertile ground for fraudsters. Cybercriminals exploit compromised accounts, AI-generated personas, influencers, and platform advertising to add legitimacy to their scams, especially on Facebook and YouTube.
Fake influencers, such as the AI persona "Thomas Harris", promote bogus crypto trading tools through unlisted YouTube videos amplified by targeted ads. These channels often appear legitimate by mimicking official branding, deleting original content, and even linking to genuine videos to build trust.
Attackers often direct users to copy malicious smart contract code into fake coding environments, draining crypto funds via cleverly disguised scams on typo-squatted websites.
Mobile adware and spyware infections rose sharply, with a 25% increase in protected users. Brazil, India, Argentina, and Mexico were hotspots for adware campaigns led by HiddenAds and MobiDash. Mexico alone saw adware infections increase by 42%.
Spyware also grew by 6%, with new strains like SpySolr and Tambir targeting users in Turkey and India. Spain and Turkey experienced especially large spikes in spyware attacks, increasing 96% and 84%, respectively.
In the face of these evolving cyber threats, choosing the right cybersecurity partner is critical, especially in regions facing rapidly increasing risks like Africa. Avast and AVG are global leaders in antivirus and cybersecurity, offering advanced protection against malware, ransomware, phishing, and more. With AI-powered threat detection and real-time updates, both brands safeguard your devices (Windows, macOS, Android, and iOS) against evolving cyber threats.
For individuals, businesses, and organizations in South Africa seeking reliable cybersecurity solutions with local support, contact Acnode, an official Avast provider.
