Malware: 41% of Africans attacked by on-device threats in 2025

A new report reveals that 41% of Africans were attacked by on-device malware threats in 2025. This is according to findings by Kaspersky, a global cybersecurity and digital privacy company.

The report, which recorded a surge in threats globally, noted that on-device malware threats attacked 33% of users around the world. Going to the regions, Africa recorded the highest spate of attacks with 41% users attacked, followed by the Asia-Pacific (APAC) region at 33%. The Middle East is next at 32%, Latin America saw 30% of users attacked, and Europe witnessed 20%.

On-device threats are malware spread via removable USB drives, CDs and DVDs. They can also make their way into computers in non-open forms, such as programs in complex installers, encrypted files, and so on. The report noted that this kind of threat has become a leading tool used by fraudsters to assess and gain control of online users’ information.

Another form of malware attack is normal web threats, which affect 27% of users. Web threats are malware that target users when they are online. While they are not limited to online activity, they involve the internet at some stage to inflict harm.

Regarding the regions affected, 21% of Africans were attacked by this type of malware threat in 2025. Leading the pack is Latin America with 26%, 21% in Europe and 19% in the Middle East.

Notably, a significant revelation made by Kaspersky this year was the resurgence of the Hacking Team after its 2019 rebranding. The group now employs its commercial spyware, Dante, used in the ForumTroll APT campaign by incorporating zero-day exploits in Chrome and Firefox browsers.

Alexander Liskin, Head of Threat Research at Kaspersky, explained that vulnerabilities are a leading point of contact used by attackers to access social networks. Another means is the use of stolen credentials, which explains the rise in password stealers.

“This increasingly complex threat landscape makes implementing robust cybersecurity strategies vital for organisations, as failure to do so can lead to months of downtime in the event of attacks,” he added.

Compared to 2024, the number of malware attacks increased. The report noted that Kaspersky detection systems discovered an average of 500,000 malicious files per day in 2025, a 7% year-on-year increase. 

In addition, some particular threats saw a significant YoY surge. Password stealer detections recorded a 59% surge, spyware detections saw 51% growth, while backdoor detections recorded 6% YoY surge.

The report shows that Windows remains the primary target for cyberattacks, as 48% of users on Windows were targeted by different types of threats throughout 2025. Whereas, 29% Mac users are exposed to threats during the year.

Also Read: Here are 7 habits that compromise your personal and data safety online.

Malware: preventive measures 

While malware threats and all forms of online attacks that compromise users’ data continue to increase, users are encouraged to use reliable security solutions. Data exposure not only puts their data and money at risk, but also that of the organisations where they work.

As issued by Kaspersky, individuals can adopt the following preventive measures against malware attacks.

• Avoid downloading and installing applications from untrusted sources.
• Do not click on any links from unknown sources or suspicious online advertisements.
• Use two-factor authentication when available. 
• Create strong and unique passwords, using a mix of lower-case and upper-case letters, numbers, and punctuation. 
• Use a reliable password manager to help to remember them.
• Always install updates when they become available; they contain fixes for critical security issues.
• Ignore messages asking to disable security systems for the office or cybersecurity software.

For organisations 

• Regularly back up corporate data and keep it isolated from the network.
• Software updates should be kept on all devices used to prevent attackers from infiltrating networks by exploiting vulnerabilities.
• Do not expose remote desktop services (such as RDP) to public networks unless necessary, and always use strong passwords for them.

Aside from the above measures, individuals and organisations can take cybersecurity classes to stay up to date.