Malware in East Africa

Remember when your laptop was new? It was fast, shiny and never got hot. These days it’s slow, keeps hanging, the battery life is nonexistent and it gets so hot it’s no longer a “lap” top. My friend, your beloved computer has been infected by malware, short for malicious code.

Malware is software that has been installed on your information systems by means that I shall discuss later in this article. It comes in many forms, e.g. viruses, worms, trojan horses and ransomware, just to name a few.

Types of Malware in East Africa

Security research companies have discovered multiple types of advanced malware in organizations in the region. The malicious software has been discovered mainly in financial institutions and government systems. Some of the malware found includes remote access trojans, ransomware and data-gathering viruses.

The scary thing is that most of the malware found is “anti-virus proof” and could not be detected by regular anti-virus programs. Malware has a large part to play in the $171 million, $85 million and $35 million that Kenya, Tanzania and Uganda respectively lost to cyber-crime in 2016.

Remote Access Trojans

From October 2015 to August 2016, a number of organizations were targeted in a cyber heist that lasted 12 months. Through social engineering and insiders, the attacker was able to install data-logging malware onto the critical systems of many financial institutions.

The attackers gathered information on the financial processes of the institutions, logged keystrokes and captured vital credentials. They then carried out financial transactions by remotely accessing the infected computers to authorize EFTs and ATM transactions.

Skimmer Virus

In another incident, a certain major bank in Kenya had its systems infected by the Skimmer virus. In the old days cyber criminals would place a physical skimming device on the ATM interface to physically steal card data; now they just infect the institution’s systems.

Once an ATM running outdated software is infected, the criminals have an ATM that can steal all your credentials and can also have its cash box emptied of all the large denominations. The Skimmer virus conveniently gives the attackers the choice of whether they want the stolen data printed out on a receipt or written directly onto a blank card’s magnetic stripe.

Watch the skimmer virus in action.


Ransomware

Incidents of ransomware are on the rise and show no sign of decline, with the WannaCry ransomware attack being the latest incident. This malware brought the London health care system to a halt.

Ransomware is exactly what it sounds like: malicious code that encrypts data on your systems and then demands that you pay a ransom in bitcoin to get your data back. The recent attack was a worldwide attack, and some institutions in Kenya were targeted according to the Kaspersky cyber events map.

Another common ransomware in the region is Locky, which comes in an email attachment titled “invoice”. Once opened, the Word document will request the user to enable macros; if the user does this, files will be encrypted and assigned the extension .locky. To get your data back one must part with between 0.5 and 1 bitcoin ($600-$1200), and it’s not even guaranteed that you get your data back.

WannaCry

Locky Ransomware 
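The tell-tale sign of the Locky infection described above is a burst of files suddenly gaining the .locky extension. The following Python script is an added example (not from the article or from any vendor product) that flags such a burst in a constructed sample of file-write events; the thresholds and the benign-suffix list are assumptions, and the same logic catches any other unfamiliar extension appearing in bulk, not only .locky.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Thresholds are assumptions chosen for this example, not values from the article.
BURST_COUNT = 5                        # this many new files with one suffix ...
BURST_WINDOW = timedelta(seconds=60)   # ... inside this window raises an alert
# Suffixes a user normally produces; a burst of these is not suspicious.
BENIGN_SUFFIXES = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ""}

# Constructed sample of file-write events: "<ISO timestamp> <user> <path>".
SAMPLE_EVENTS = """\
2017-06-01T09:14:02 jane /home/jane/docs/invoice.docx
2017-06-01T09:14:05 jane /home/jane/docs/4F2A1C.locky
2017-06-01T09:14:06 jane /home/jane/docs/9B77E0.locky
2017-06-01T09:14:06 jane /home/jane/pics/1A2B3C.locky
2017-06-01T09:14:08 bob /home/bob/report.pdf
2017-06-01T09:14:09 jane /home/jane/pics/D4E5F6.locky
2017-06-01T09:14:11 jane /home/jane/docs/77AA00.locky
2017-06-01T09:20:00 bob /home/bob/00FF00.locky
"""


def parse_event(line):
    """Split one event line into (timestamp, user, path)."""
    ts, user, path = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), user, path


def detect_bursts(lines, count=BURST_COUNT, window=BURST_WINDOW):
    """Return one alert per (user, suffix) that writes `count` files with the
    same non-benign suffix inside `window`, e.g. five *.locky files in a minute."""
    recent = defaultdict(deque)   # (user, suffix) -> timestamps inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ts, user, path = parse_event(line)
        suffix = PurePosixPath(path).suffix.lower()
        if suffix in BENIGN_SUFFIXES:
            continue
        key = (user, suffix)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= count and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "suffix": suffix,
                           "first_seen": q[0].isoformat(), "count": len(q)})
    return alerts
```

On the sample, jane’s five .locky writes within six seconds raise a single alert, while bob’s lone .locky file stays below the threshold.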


Advanced Persistent Threat

Some of the more sinister attacks are the ones that are going on while no one knows they are happening. An organization in the U.S. recently found malware on its systems; after some investigation they were shocked to realize that their systems had been infected for more than 10 years!

Further research revealed that the malware was carrying out covert missions: gathering executive data (mergers, acquisitions, financials), managerial data (future plans, impending firings) and manufacturing data (blueprints, trade secrets), updating the organization’s own anti-virus software to conceal its own signature, and logging credentials. It would then covertly communicate with the command-and-control (CNC) server during regular work hours, therefore arousing no suspicion.

Imagine the amount of data that was gathered in this one organization, then multiply that by 10,000 organizations over 10 years: the attackers have more than enough information to start their own organization, but that’s a topic for another article.

The Rise of Cyber Crime

High-speed internet, large amounts of money, laxity in laws and, most importantly, unemployment have led to the rise of cyber-crime in the region.

The bank robbers of today don’t need guns to get away with the loot, and in 2016 they did just that to the tune of $291 million (Kenya, Uganda and Tanzania combined). Just for maximum effect, let’s convert that to good ole Kenya shillings: Ksh 30,074,850,000, that’s thirty billion seventy-four million eight hundred and fifty thousand shillings!

Another reason for the rise is fraud: some crafty people are using the newly installed e-systems in the region to commit land fraud, identity fraud and fraud involving death certificates and even birth certificates.

The recently leaked nude pics of the Rwandan presidential candidate are a clear sign of how cyber-crime and politics are going to play out in Kenya, Uganda and Tanzania. This young lady’s political career has been tarnished thanks to cyber-crime.

The fact that computers and e-systems are popping up everywhere is another reason why the crime is fast rising. The region is experiencing rapid growth in all areas of industry and the integration of digital systems is inevitable. The digital systems are making life easier, but how secure are these systems?

SCADA systems that control major infrastructure make for tantalizing targets. What if KPLC were to be hit with ransomware? Would they rather we paying customers be in the dark, or would they pay the ransom? Online videos showing people making ransomware payments are also leading to upper management conceding to the crime.

Kenyan Trends

  • China phones – Kenyans love a bargain (Gikomba); why spend a fortune on an original Samsung S6 when you can get a replica for less than a quarter of the price! A research company found that most of the fake Chinese phones sold in the local market have data-gathering capabilities. An October 2012 Central Intelligence Agency (C.I.A) report led the Australian government to ban a range of Chinese electronic products; the C.I.A believes that the electronics were doing more than what was written on the box.
  • The DVD guy – unbeknownst to many, that Season 7 copy of Game of Thrones that you get from the DVD guy is a very effective and cheap way of spreading all sorts of malware: everything from ransomware and remote access trojans to viruses that turn your computer into a zombie for a botnet.
  • Streaming movies/file sharing – just like DVDs, file-sharing sites and illegal streaming sites are a gold mine for an attacker looking for victims to infect. New research has shown how attackers can take over your systems using closed captions.
  • WhatsApp – WhatsApp groups are like a primary school class: if one kid comes to class with a cold, by the end of the week the whole class will be sick. People are quick to follow links that have been sent to them, quick to open videos, and willing to do the whole “send to 10 people on your contact list” thing. Most links sent on WhatsApp are shortened, so you can’t know where they will lead you; others, like pictures, can leave you hacked.
  • Free Wi-Fi – many have fallen victim to the free Wi-Fi scam that goes something like this: your phone alerts you to a Wi-Fi connection. You connect and, as it is authenticating, a screen pops up and asks you to log in with either Instagram or Facebook. Once you enter your credentials you get a mediocre internet connection, and the attacker now has your social media logins.
  • Ignorance – a lot of us in the region believe we can never get hacked or have no reason to be hacked. The truth is that most major data breaches begin with small, tiny hacks, so you may think there is no reason for you to be hacked, but you could be used as a vectoring point or a pivot in a major hack!

Malware in East Africa is a real threat. A smart phone is supposed to make life easier, not spy on you; it is a tool that is supposed to be used for good, yet a little malicious code can turn it into your worst enemy.

Malware is here to stay, and it’s bound to get more advanced, easier to access and easier to use. The malware of the future will be weaponized and will have the same capabilities as a Tomahawk cruise missile.


There is no one solution to the problem of malware, but there are some things one can do to reduce the likelihood of an attack:

  • Do not open any e-mail whose source you do not trust.
  • Always update systems, and include a patch management policy in the organization.
  • Stay current with the cyber security trends (you owe it to your organization).
  • Despise the free lunch, i.e. avoid free downloading sites, shady streaming sites and free flash drives.
  • Install an anti-virus that is well known and is updated regularly; never download a free anti-virus.
  • Avoid sharing movies directly with friends through external drives.
  • Avoid WhatsApp groups that are constantly asking you to check out a link, download an app to view something, or view some socially irresponsible pictures.
  • Include training for employees in the budget.
  • And finally, use good judgement. You wouldn’t walk into a dangerous neighborhood at night, so why would you spend so much time on that sleazy, shady web site?

This should be enough for you not to become a victim of cyber-crime. Have a malware-free day!