FakeUpdates and RansomHub: Top Cyber Threats of March According to Check Point Research

Check Point Research's Global Threat Index for March 2025 reports that the FakeUpdates malware affected 15% of companies in Spain. This downloader has become one of the main cyber threats worldwide, standing out for its ability to distribute other malicious programs. To evade detection, FakeUpdates uses legitimate platforms such as Dropbox and TryCloudflare.

During the same month, a new intrusion campaign was identified that not only spreads FakeUpdates but is also linked to attacks using the RansomHub ransomware. Cybercriminals appear to have intensified their efforts, adapting their tactics and increasingly using trusted services and platforms to carry out their attacks effectively.

The report also highlights a devastating phishing campaign that has compromised more than 1,150 companies and 7,000 users in various regions, including North America, Southern Europe, and Asia. Attackers distributed approximately 5,000 malicious PDF files, using fraudulent CAPTCHA images to run malicious PowerShell scripts, thus facilitating the installation of malware. This tactic is linked to Lumma Stealer, which is associated with fake Roblox games and pirated tools.

Maya Horowitz, Check Point Software’s VP of Research, warned about the continued evolution of cybercriminal strategies, which forces organizations to adopt proactive measures and remain alert to the growing landscape of cyber threats.

The report also mentions other malware families that have impacted companies in Spain. After FakeUpdates, the second most relevant malware is AsyncRAT, a remote access Trojan that has affected 3.2% of businesses, followed by Androxgh0st, a botnet that has also impacted 3.2% of companies.

On mobile, Anubis remains the most widespread banking Trojan, while Necro and AhMyth continue to pose significant threats to mobile device users. Globally, the education sector is the most attacked, followed by telecommunications and government.

Among ransomware groups, RansomHub stands out as the most active, responsible for a large portion of detected attacks. It is followed by the Qilin and Akira groups, which continue to expand their operations through sophisticated deception tactics and vulnerability exploitation. The situation reflects a complex and challenging cybersecurity landscape, where vigilance and adaptation are crucial for businesses in their fight against cyber threats.

Referrer: MiMub in Spanish
