Sunday, June 15, 2025


Poland Targeted by Hackers: FakeUpdates Malware and Ransomware Dominate in April


Poland has become a growing target for DDoS campaigns and advanced malware, according to new data from Check Point Software Technologies. In April 2025, the most frequently detected cyberthreat in Poland was FakeUpdates – a deceptive downloader disguised as a browser update.

Just days ago, websites belonging to Polish companies and public institutions were hit by DDoS attacks linked to pro-Russian groups NoName057(16) and Dark Storm. While these incidents only caused temporary disruptions, they underscore a broader threat landscape. Hackers are not only pursuing politically motivated attacks – they are also after money and sensitive data.

FakeUpdates: Poland’s Top Malware Threat

According to Check Point, FakeUpdates accounted for 3.62% of all infections in Poland last month. This malware is typically distributed through compromised websites and often serves as a gateway to further infections. Other top threats in Poland include:

  • AsyncRat (1.99%) – a remote access trojan used to control infected computers, often delivered via phishing emails.
  • Androxgh0st (1.99%) – Python-based malware that targets cloud applications and installs backdoors.
  • Pony Stealer – a classic data-stealing tool that captures credentials and cryptocurrency wallet data.
  • FormBook – an infostealer that runs in the background, collecting login data, screenshots, and browser information.

On a global scale, FakeUpdates was also the #1 threat, responsible for 6% of infections worldwide.

New Wave of Sophisticated, Multi-Stage Attacks

Check Point experts also highlighted a rise in complex, multi-stage cyberattacks using malware like AgentTesla, Remcos, and Xloader (an evolution of FormBook). These tools are often embedded in legitimate-looking Windows processes, making them harder to detect. The attacks usually begin with phishing emails containing .7z attachments, triggering a sophisticated malware chain that bypasses standard security solutions.

“What used to be considered basic, low-tier malware is now being deployed in highly sophisticated, multi-layered attacks,” warn Check Point analysts. “Educational, research, and government institutions are especially vulnerable.”

Top 5 Malware in Poland – April 2025

| Malware | Description |
|---|---|
| FakeUpdates | Poses as browser updates, distributed via compromised websites; linked to Russia’s Evil Corp. |
| AsyncRat | Remote access tool used to hijack computers via phishing emails. |
| Androxgh0st | Python-based malware that targets cloud apps and installs backdoors. |
| Pony Stealer | Steals login credentials and crypto wallet data. |
| FormBook | Background infostealer capturing screenshots and browser data. |

Education Sector Hit Hardest

Globally, the education and research sector remains the most targeted, due to the high number of users and generally low security standards. The same trend is evident in Poland, where schools and universities are becoming prime targets for cybercriminals.

Ransomware: A Growing and Unrelenting Threat

The first quarter of 2025 witnessed an unprecedented surge in ransomware attacks worldwide. The number of publicly disclosed victims rose by 126% year-over-year, reaching an all-time high. According to Check Point, April’s ransomware landscape was dominated by the following groups:

  • Akira (11% of global attacks) – encrypts files on Windows and Linux systems.
  • SatanLock (10%) – known for rapid deployment and strong encryption.
  • Qilin (also known as Agenda, 10%) – frequently targets healthcare and education sectors.

Source: ManagerPlus – Poland under cyberattack: FakeUpdates and ransomware dominate in April
