Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector
Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa. We assess that the threat actor may be gaining initial access to these financial institutions and then selling it to others on the dark web. Since at least July 2023, a cluster of activity we track as CL-CRI-1014 has targeted this sector. The attackers employ a consistent playbook, using a combination of open-source and publicly available tools to establish their attack framework. They also create tunnels for network communication and perform remote administration.
OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure
The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil, and gas sector through phishing attacks and the exploitation of Microsoft ClickOnce. The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious. Its methods reflect a broader shift toward “living off the land” tactics, blending malicious operations within cloud and enterprise tooling to evade traditional detection mechanisms.
You should probably delete any sensitive screenshots you have in your phone right now. Here’s why
It’s generally not a good idea to keep screenshots of sensitive information on your phone, but you should probably delete them, especially if they’re related to your crypto wallet. A new Trojan spy known as SparkKitty targets information from screenshots stored in your gallery. This spy, likely connected to the infamous SparkCat data stealer that emerged earlier this year, focuses on sensitive data, such as seed phrases for crypto wallets. The new Trojan was first mentioned on SecureList by Kaspersky.
Interpol Warns of Rapid Rise in Cybercrime on African Continent
Cybercrime now accounts for more than 30% of all reported crime in Western and Eastern Africa, and is increasing sharply elsewhere on the continent, Interpol has warned. The policing group revealed this week that two-thirds of African member countries claim cyber-related offenses now account for a “medium-to-high” (i.e. 10-30% or 30%+) share of all crimes. According to Interpol’s 2025 Africa Cyberthreat Assessment Report, some of the most prevalent cybercrime types are phishing-related scams, ransomware, business email compromise (BEC), digital sextortion and attacks on critical infrastructure, such as Kenya’s Urban Roads Authority (KURA) or Nigeria’s National Bureau of Statistics (NBS).
AI Evasion: The Next Frontier of Malware Techniques
Malware authors have long evolved their tactics to avoid detection. They leverage obfuscation, packing, sandbox evasions, and other tricks to stay out of sight. As defenders increasingly rely on AI to accelerate and improve threat detection, a subtle but alarming new contest has emerged between attackers and defenders. Check Point Research’s latest findings uncover what appears to be the first documented instance of malware intentionally crafted to bypass AI-driven detection, not by altering its code, but by manipulating the AI itself. Through prompt injection, the malware attempts to “speak” to the AI, manipulating it to say the file is harmless. This case comes at a time when large language models (LLMs) are becoming more integrated into malware analysis workflows, especially through tools that use the Model Context Protocol (MCP). This protocol allows AI systems to assist directly in reverse engineering, and as this kind of integration becomes more common, attackers are beginning to adapt.
