Kaspersky Warns of StealC v2 Malware Spreading via Facebook in Africa

Devdiscourse News Desk | Nairobi | Updated: 08-09-2025 21:25 IST | Created: 08-09-2025 21:25 IST
Country: Kenya

The Kaspersky Global Research and Analysis Team (GReAT) has sounded the alarm over a new wave of cyberattacks across Africa and beyond, driven by the spread of StealC v2, a powerful new version of an information-stealing malware. Since late August 2025, researchers have identified over 400 incidents in multiple regions, including confirmed cases in Kenya, Angola, Ethiopia, Niger, Uganda, and Zambia, with further reports emerging from North, West, and Southern Africa.

How the Campaign Works

According to Kaspersky, the malware campaign uses Facebook messages as the delivery vector. Victims receive fraudulent messages containing links disguised as official account-block notifications. Once clicked, the link redirects to a fake Facebook support page, claiming the user’s account has been suspended due to “suspicious activity.”

The page urges victims to “appeal” by clicking a button. Instead of restoring access, this action downloads a malicious script that installs StealC v2 on the device. Once active, the malware immediately begins harvesting sensitive data, including:

  • Passwords and login credentials

  • Cookies and browsing histories

  • Cryptocurrency wallet data

  • Screenshots of user activity

This stolen data can then be sold on the dark web or exploited for further cybercrime.

Evolution of StealC Malware

The original StealC malware first surfaced in 2023 on underground forums as a Malware-as-a-Service (MaaS) product, quickly gaining traction among cybercriminals due to its affordability and effectiveness.

The 2025 variant, StealC v2, introduces enhanced capabilities, making it more dangerous for both individuals and businesses. It is now capable of targeting a wider array of data sources and operating more stealthily, increasing the risk of large-scale breaches.

“Cybercriminals often exploit users’ fear of losing account access and a perceived sense of urgency. This pressure can lead individuals to act without caution, increasing the risk of infection by malware such as StealC v2. Users should remain vigilant and always verify the authenticity of messages before clicking any links,” said Marc Rivero, lead security researcher at Kaspersky GReAT.

Countries Affected

While the majority of incidents have been recorded in Africa, StealC v2 infections have also been observed globally. In Africa, confirmed cases include: Angola, Benin, Burkina Faso, Chad, Egypt, Ethiopia, Gabon, Kenya, Libya, Madagascar, Mali, Morocco, Mozambique, Niger, Tunisia, Uganda, Zaire, and Zambia.

Recommendations for Users

Kaspersky has urged both corporate and individual users to strengthen their cyber defenses and adopt proactive security measures. Key recommendations include:

  • Exercise caution with links: Fake emails and websites may look legitimate but often contain subtle errors such as misspelled URLs.

  • Beware of urgency: Fraudulent messages often create pressure with warnings about account suspension or immediate risks.

  • Verify communications: Always double-check unsolicited messages, calls, or links—even if they appear to be from known platforms.

  • Protect authentication details: Never share two-factor authentication (2FA) codes or personal login details.

  • Use advanced security tools: Employ solutions like Kaspersky Next (for businesses) and Kaspersky Premium (for individuals) to detect and block phishing attempts.

Rising Cybersecurity Threats in Africa

The rapid adoption of digital platforms and social media in Africa has made the region a growing target for cybercriminals. Campaigns like StealC v2 highlight the urgent need for both cyber awareness and investment in security infrastructure, particularly as online financial transactions and e-commerce continue to expand across the continent.

With its ability to compromise both individuals and enterprises, StealC v2 is not just a threat to privacy but also a potential disruptor of business operations. Experts warn that if unchecked, such campaigns could erode trust in digital platforms at a time when Africa is accelerating its transition toward a digital economy.

Staying Safe

Ultimately, Kaspersky’s warning serves as a reminder that cyber hygiene is just as important as physical security. Users must be vigilant, avoid impulsive clicks, and invest in tools that can protect against increasingly sophisticated cyber threats.

 
