ESET’s Allan Juma on AI, Deepfakes & the 2026 Threat Landscape

Techfolio interviewed Allan Juma, Lead Cyber Security Engineer at ESET, on ESET Research’s Threat Report for H2 2025. His takeaway: the fraud economy is being upgraded. AI is not autonomous in attacks yet, but it is improving persuasion, speed, and scale.

Allan Juma, Lead Cyber Security Engineer at ESET

How Deepfake Investment Scams Evolve in Kenya

What is most different in the fraud you are tracking?

Professionalism and velocity. HTML-based investment scam campaigns can be launched, advertised, and taken down quickly. Nomani is one example, with 62% year-on-year growth globally. The sites mimic brokers and use short-lived ad bursts to evade scrutiny. Deepfake video and impersonation are now central, because they create trust before a victim has time to think.

Kenya saw a deepfake tied to a late political figure. Why does that case matter?

It showed how a scam can move from social feeds into mainstream circulation. A deepfake impersonated a late prominent Kenyan political figure to promote a fraudulent investment scheme. It spread quickly across platforms and into media workflows. When credibility can be “manufactured” at that speed, the window for prevention shrinks.

Is AI Actually Launching Attacks, or Just Making Criminals Look Credible?

Many people say “AI attacks.” Are we there?

Not in the way the phrase implies. What we see is AI-assisted cybercrime. Criminals use AI to craft phishing emails that read cleanly and look authentic. AI also helps in parts of malware development, but the core playbooks remain social engineering, credential theft, and fraud.

Where does PromptLock fit in this debate?

PromptLock was significant because it used an AI model during execution to generate malicious scripts dynamically. If that approach is hardened and adopted, detection gets harder because defenders cannot rely on stable signatures or repeatable patterns.

Was PromptLock active?

We did not see evidence of wide deployment. It surfaced in a public malware database and looked like a proof of concept. But once a technique is public, others can refine it.

Can Deepfake Video Supercharge Business Email Compromise in Africa?

Because BEC is already one of the biggest money-makers. The classic move is an “urgent transfer” request that pretends to be a CEO or supplier. Deepfake video can add pressure. Imagine a convincing video call from your “CEO” demanding a transfer. The defence is process. Call back on a trusted number. Verify via a second channel. A short pause is cheaper than a large loss. There have been global BEC cases in the tens of millions of dollars.

What about the platforms where these scams are marketed?

Advertising and social platforms are part of the pipeline. Scam ads can slip through automated checks, and the business model rewards clicks. That gap invites tougher rules and faster takedowns.

What should Kenyan organisations prioritise on ransomware and mobile threats in 2026?

Beyond scams, what should security leaders watch?

Ransomware remains a growth story. ESET projects a 40% year-on-year increase in publicly reported victims versus 2024, with Akira and Qilin leading ransomware-as-a-service. We also saw “EDR killers” proliferate, tools designed to disable endpoint detection and response and create blind spots before a ransomware deployment.

Across Africa, victims cluster in manufacturing, construction, retail, technology and healthcare. Leak-site counts are biased, naming mainly non-payers, so trendlines signal momentum, not totals for now.

Mobile is also shifting. NFC threats rose 87% in telemetry. NGate added contact stealing. RatOn combined remote access capabilities with NFC relay attacks, pushed through fake app pages and ads.

Kenya’s ransomware picture seems underreported. Why?

Many incidents are handled quietly, so public data is thin. That makes risk harder to measure and lessons harder to share. Reporting helps law enforcement prioritise and helps peers prepare.

Any reasons for optimism?

Cooperation is improving. Operation Sentinel, coordinated by INTERPOL and AFRIPOL, led to 574 arrests and about $3 million recovered. But resilience still starts at home. Look left in your supply chain, and also right. If a major customer is hit and stops buying, your operations can stall even if you were never breached.
