FakeUpdates, Top Threat Globally and in Spain

This JavaScript downloader affected 11% of companies in Spain in April.
FakeUpdates is the dominant threat at the moment. According to Check Point Research’s April 2025 Global Threat Index, it affects 6% of businesses worldwide.
This puts FakeUpdates ahead of other threats circulating in various countries, such as Remcos and AgentTesla.
It consists of a JavaScript downloader that writes payloads to disk before launching them.
Infection leads to other malware, such as GootLoader, Dridex, NetSupport, DoppelPaymer and AZORult.
In addition to standing out globally, it is the number one threat in Spain, with 11% of companies affected.
It is followed in Spain by the Androxgh0st botnet, which in April affected 3.5% of companies, and the Remcos remote access Trojan, with 2.6% of businesses among its victims.
Check Point Research highlights that cybercriminals are banking on a convergence of commercial malware with advanced techniques.
This means that recently, tools such as AgentTesla and Remcos, which in the past were sold cheaply and openly, are now embedded in complex delivery chains.
Lotem Finkelstein, director of Threat Intelligence at Check Point Software, warns of this ‘increasing complexity of cyber threats’.
‘Attackers are layering encrypted scripts, legitimate processes and obscure execution chains to remain undetectable,’ he explains.
‘What we used to consider low-level malware,’ says Finkelstein, ‘is now weaponised in advanced operations’.
Therefore, in his opinion, ‘businesses need to take a proactive approach that integrates real-time threat intelligence, artificial intelligence and behavioural analysis’ to deal with cybercriminals’ techniques.