Socially engineered fraud is emerging as one of the most persistent digital threats in Kenya, according to ESET’s latest Threat Report covering the second half of 2025. The report, backed by regional briefings and telemetry data, points to a surge in investment scams powered by deepfake video, impersonation and AI-generated phishing infrastructure
Researchers say the trend reflects a broader shift in cybercrime economics. AI is not yet launching attacks on its own, but it is dramatically lowering the skill threshold required to run convincing scams. Allan Juma, the Lead Cyber Security Engineer at ESET noted in the briefing, phishing emails are now “crafted so beautifully” that even experienced professionals struggle to detect them. Cybercrime, in practical terms, is becoming “AI-assisted.”
Deepfake Investment Scams Spread Across Kenya
Investment scams built on HTML-based templates continue to expand globally. ESET tracked a 62% year-on-year increase in the Nomani scam ecosystem, which uses short-lived advertising, fake trading platforms and celebrity impersonations to attract victims.
Kenya has already seen the impact. In one high-profile incident, a deepfake video impersonated a late prominent political figure to promote a fraudulent investment scheme. The clip spread rapidly across social media and even reached mainstream news outlets before being exposed as fake.
Researchers say such campaigns succeed because they mimic trust. Attackers increasingly rely on the appearance of legitimacy rather than technical sophistication. High-quality AI-generated videos, realistic phishing pages and polished messaging enable even low-skill actors to run credible fraud operations at scale.
AI-Assisted Phishing and Malware Lower the Barrier to Entry
While headlines often focus on autonomous AI attacks, ESET’s findings suggest a more immediate reality. Criminal groups are using AI tools to write phishing emails, generate graphics and assist in parts of malware development.
This assistance model is already reshaping threat dynamics. Sophisticated-looking campaigns can now be produced quickly and cheaply. As a result, the volume of scams is rising even as technical complexity remains relatively stable.
The most notable technical development was PromptLock, the first known AI-driven ransomware sample capable of generating malicious scripts during execution. The malware used a large language model to analyse a victim’s system and dynamically create code to encrypt or exfiltrate data.
Researchers believe the sample was likely a proof of concept rather than an active campaign. However, its publication demonstrated that such attacks are technically feasible and may become harder to detect as they evolve.
Ransomware and Mobile Threats Continue to Grow
Beyond AI-assisted scams, traditional cyber threats remain active. ESET projects a 40% year-on-year rise in publicly reported ransomware victims globally in 2025. Groups such as Akira and Qilin now dominate the ransomware-as-a-service ecosystem.
On mobile devices, near-field communication [NFC] threats grew by 87% in ESET telemetry. New malware families combined remote access capabilities with NFC relay attacks, often distributed through fake app stores and deceptive advertisements.
Kenya’s true ransomware exposure remains unclear. Many incidents are handled quietly, limiting public data. Still, the country is increasingly involved in cross-border enforcement efforts. Operation Sentinel, coordinated by INTERPOL and AFRIPOL, led to 574 arrests and the recovery of about $3 million linked to cyber-enabled crime.
AI is not replacing cybercriminals. It is making them faster, cheaper and more convincing. For businesses and consumers alike, the most immediate risk lies not in futuristic AI attacks, but in today’s highly believable scams.
