ESET Report: AI-Generated Malware and Deepfakes Surge in Kenya


The ESET Second Half Threat Report reveals that Kenya remains highly vulnerable to AI-enhanced threats, notably deepfake-driven fraud and AI-coded malware. While reported ransomware cases appear lower in number, experts attribute this to widespread under-reporting by affected organizations.

During regional sessions, ESET experts warned that Kenya faces significant risks from social engineering—specifically investment fraud driven by realistic deepfake impersonations. HTML-based scams are also evolving rapidly; the Nomani Investment scam saw a 62% global annual increase. Modern attackers are leveraging high-fidelity deepfake videos, AI-generated phishing sites, and targeted ad campaigns to evade detection.

Allan Juma, Lead Cybersecurity Engineer at ESET, highlighted the surge in these attacks: “A recent, high-profile incident where a deepfake video was used to impersonate a prominent Kenyan political figure to promote a fraudulent investment scheme showcases how rapidly these scams spread across social media platforms,” noted Juma. “This incident illustrates how realistic deepfakes can accelerate the reach and impact of scams.”

ESET telemetry reveals an 87% rise in global NFC threats for late 2025. Key developments include:

  • NGate malware: Steals contact lists to facilitate secondary attacks.
  • RatOn: Targets users via malicious ads and forged Google Play pages disguised as social media or banking services.
  • PromptLock: Recently identified by ESET as the first ransomware to use AI for generating live malicious scripts.

While fully AI-generated malware remains an emerging threat, experts warn it is already being used to enhance the phishing and scam techniques currently spreading across Kenya.

Ransomware activity continues to grow globally, with ESET Research anticipating a 40% annual rise in publicly reported victims compared to 2024.

While Akira and Qilin dominate the Ransomware-as-a-Service (RaaS) sector, a new player, Warlock, has debuted advanced methods for dodging security. Furthermore, the rise of “EDR Killers” suggests hackers are increasingly focused on neutralizing the very security defenses meant to block them.

According to Juma, the tendency for Kenyan companies to keep ransomware attacks private makes it difficult to measure the true severity of the problem. However, Kenya is actively engaging in global partnerships to combat these offenses.

Most recently, Kenya participated in Operation Sentinel, a collaborative crackdown led by INTERPOL and AFRIPOL. This international effort resulted in 574 arrests and the recovery of nearly USD 3 million in stolen funds connected to digital crimes across multiple countries.

By Tawheda Ali