Johannesburg– July 10th, 2025 – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a global leader in AI-powered, cloud-delivered cybersecurity solutions, has unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Check Point Research has uncovered that AsyncRAT, a remote access Trojan (RAT), rising to the top 3 leading malware threats this month, has been exploiting Discord invite links to distribute malicious payloads. Meanwhile, FakeUpdates remains the most prevalent malware, continuing to impact organisations worldwide.  The Qilin ransomware group remains a significant actor in the cybercrime scene, with targeted attacks on large enterprises, particularly in the healthcare and education sectors.

African countries continue to be among the most vulnerable to cyber threats with eight countries ranked among the Top 20 most targeted.  Ethiopia occupies the number one spot of the 109 involved in the Check Point survey. Others on the continent include Nigeria, which maintained its fifth position with a Normalised Risk Index of 77.6%, followed by Mauritius 7th with a Normalised Risk Index of 72.3%.  Mozambique was ranked 10th with a Normalised Risk Index of 67,2%, Zimbabwe 11th with a Normalised Risk Index of 66,4%, Uganda 12th and Angola 17th with Normalised Risk Indexes of 65% and 59,8% respectively. Kenya was ranked 19th  with a Normalised Risk Index of 58.1%. South Africa was ranked 51st with a Normalised Risk Index of 44,8% up from 47th last month.

"As cybercriminals become more sophisticated, organisations must stay ahead of evolving threats with multi-layered security solutions. The June 2025 Global Threat Index emphasises the need for proactive measures to safeguard against the most advanced attacks of the year. This is especially so among African countries which remain among the most vulnerable to cyber threats," says Lionel Dartnall, Country Manager SADC for Check Point Software Technologies.

Lotem Finkelstein, Director of Threat Intelligence at Check Point Software, commented, "The AsyncRAT campaign we discovered and the continued dominance of FakeUpdates showcase the evolving complexity of cyberattacks. With the advent of dominant ransomware groups like Qilin, we see more targeted and refined approaches to data theft and encryption. Organisations need to be proactive in their defense, implementing real-time threat intelligence and comprehensive security strategies."

Key Findings

    AsyncRAT continues to maintain a high position in the threat ranks in June 2025, exploiting trusted platforms like Discord for payload delivery and data exfiltration. It allows attackers to remotely access and control infected systems.

    FakeUpdates, still the most widespread malware globally, is associated with the Evil Corp hacking group and spreads via drive-by downloads. It delivers various secondary payloads after infection.

    Qilin, a ransomware-as-a-service group, continues to target high-value industries, including healthcare and education, utilising phishing emails to infiltrate networks and encrypt sensitive data.

Top Malware Families

    FakeUpdates – FakeUpdates remains the most widespread malware, affecting 4% of organisations worldwide. This downloader malware is used to install fake updates, allowing attackers to deploy secondary payloads on compromised systems.

    Androxgh0st – Androxgh0st, a Python-based malware, scans for exposed .env files to steal sensitive credentials from applications running on the Laravel PHP framework. It uses a botnet for cloud exploitation and cryptocurrency mining.

    AsyncRAT – AsyncRAT, a remote access Trojan (RAT), has rapidly grown in prominence. It's used for data theft and system compromise, enabling attackers to execute commands like downloading plugins, terminating processes, and capturing screenshots.

Top Ransomware Groups

    Qilin – Qilin (also known as Agenda) remains the top ransomware group, responsible for 17% of attacks in June 2025. This ransomware-as-a-service group specialises in targeting large enterprises, particularly in the healthcare and education sectors.

    SafePay – SafePay continues to be a major ransomware threat, using a double-extortion model to encrypt victims' files while stealing sensitive data. This ransomware group has been active against both large organisations and small businesses.

    Akira – Akira ransomware exploits vulnerabilities in VPN endpoints, encrypting data with a distinctive ".akira" extension. It primarily targets enterprises with weak or outdated security measures.

Top Mobile Malware

    Anubis – Anubis is the most prevalent mobile malware, known for its ability to bypass multi-factor authentication (MFA) and steal banking credentials. It is often distributed through malicious apps available on the Google Play Store.

    AhMyth – AhMyth, a remote access Trojan (RAT) for Android, is disguised as legitimate apps and grants attackers access to exfiltrate banking credentials, MFA codes, and perform keylogging and screen capture.

    Necro – Necro is a malicious downloader that can execute harmful commands on Android devices, including downloading malware and ads, and rerouting internet traffic through compromised devices, turning them into part of a botnet.

Top-Attacked Industries

    Education – The education sector remains the most targeted globally, with educational institutions being vulnerable to attacks due to their large user bases and critical infrastructure.

    Government – Government organisations continue to be major targets due to their sensitive data and public sector responsibilities.

    Telecommunications – The telecommunications sector faces constant threats, with cybercriminals targeting its vast amount of sensitive data and communications infrastructure.

The June 2025 Global Threat Index highlights the rise of multi-stage malware campaigns and the growing sophistication of ransomware groups like Qilin. As FakeUpdates continues to be the most widespread malware, additional threats like AsyncRAT and Qilin ransomware demand urgent attention. Organisations in the education, government, and telecommunications sectors remain the most vulnerable. It's clear that as cybercriminals evolve their tactics, organisations must adopt comprehensive, proactive security measures to protect against these advanced threats.

For the full June 2025 Global Threat Index and additional insights, visit the Check Point Blog.

Follow Check Point via:  

LinkedIn: https://www.linkedin.com/company/check-point-software-technologies  

X: https://www.twitter.com/checkpointsw  

Facebook: https://www.facebook.com/checkpointsoftware  

Blog: https://blog.checkpoint.com  

YouTube: https://www.youtube.com/user/CPGlobal