The IT security company Check Point Software has released its April 2025 Threat Landscape report, which shows that FakeUpdates continues to dominate. At the same time, the researchers reveal how cybercriminals are now combining simpler malware with advanced techniques to evade detection – a development that increases the risk of intrusions into Swedish businesses.
FakeUpdates, also known as SocGholish, was once again the most widespread malware in April, affecting 6 percent of businesses globally. In Sweden, 7.62 percent were affected, putting it in a clear first place. In second place is Androxgh0st with 2.88 percent, followed by Remcos at 1.52 percent.
At the same time, the researchers at Check Point warn of a growing trend: multi-stage attacks in which simpler malware, such as AgentTesla, Remcos and Xloader, is used in advanced chains to break into systems and steal information. The attacks often begin with phishing emails that appear legitimate and contain attached zip files with malware. This code then activates a script, which in turn starts a chain of program files that inject malware into Windows processes. The result is attacks that are very difficult to detect and have great potential for damage.
“We see how the threat landscape is developing rapidly,” says Mats Ekdahl, security expert at Check Point Software. Cybercriminals can launch large-scale attacks using tools that are sold openly for a few hundred dollars. Therefore, it is crucial that organizations adopt a proactive security mindset and take advantage of technology that analyzes in real time.
For more information, read Check Point Software's Blog: https://blog.checkpoint.com/research/april-2025-malware-spotlight-fakeupdates-dominates-as-multi-stage-campaigns-blend-commodity-malware-with-stealth/