Cybersecurity firm Kaspersky has raised concern over a malicious campaign sweeping across Africa, with cybercriminals spreading the StealC v2 infostealer through fraudulent Facebook messages. Since late August 2025, more than 400 incidents have been recorded, with confirmed cases in Kenya, Angola, Ethiopia, Niger, Uganda, Zambia and at least a dozen other African countries.
The campaign lures Facebook users with fake notifications claiming their accounts have been blocked. Victims are directed to a counterfeit support page that urges them to “restore access” by clicking an “Appeal” button. Instead, this action downloads a malicious script that installs StealC v2 on their devices. Once active, the malware steals passwords, cookies, screenshots, and even cryptocurrency wallet information.
“Cybercriminals often exploit users’ fear of losing account access and a perceived sense of urgency. This pressure can lead individuals to act without caution, increasing the risk of infection by malware such as StealC v2. Users should remain vigilant and always verify the authenticity of messages before clicking any links,” said Marc Rivero, Lead Security Researcher at Kaspersky’s Global Research and Analysis Team.
StealC v2, first observed in 2025, enhances the capabilities of the original StealC malware, which emerged on dark web platforms in 2023. Its evolution, coupled with availability through the Malware-as-a-Service model, has made it one of the most sought-after tools for cybercriminals. The risk now extends to both individuals and organizations across the continent, highlighting Africa’s growing vulnerability to advanced cyber threats as digital adoption accelerates.
Kaspersky is urging both corporate and individual users in Africa to be cautious when clicking links, especially those that appear urgent or threatening, and to verify unsolicited messages before taking action. The company also recommends avoiding the sharing of sensitive information such as two-factor authentication codes, and investing in robust security solutions like Kaspersky Next for enterprises and Kaspersky Premium for individuals to help block phishing and malware attempts.
Confirmed infections of StealC v2 have been reported in Angola, Benin, Burkina Faso, Chad, Egypt, Ethiopia, Gabon, Kenya, Libya, Madagascar, Mali, Morocco, Mozambique, Niger, Tunisia, Uganda, Zaire and Zambia, with additional cases also observed in other regions worldwide.