According to the last Global Threat Index of Check Point Researchthe panorama of cyber threats in June 2025 confirms a now familiar mix but in constant evolution: Fakeupdates The most common malware remains globally and in Italy, while Asyncrat earn positions, driven by new campaigns that exploit “legitimate” channels such as Discord to infiltrate systems. The analysis, published today, shows how cybercriminals are adopting increasingly refined strategies, making safety a constant exercise of updating and reaction.

In Italy, Fakeupdates, the javascript based downloader often associated with the group Evil Corpstill hits the 7.24% of organizationswhile recording a drop of 16% compared to the previous month. Behind him, Androxgh0st (+14.8%) and the aforementioned Asyncrat (+2.3%) Complete a podium that reflects global tendencies but with even more marked local impacts.

Worldwide, the ranking is similar: Fakeupdates maintains the primacy (4.22%), but concern for Asyncrat (2.26%) grows, which in recent weeks has intensified the distribution by exploiting Discords modified discordsconveying Payload harmful with discretion and high effectiveness. A move that uses confidence in the app, widely used in gaming and corporate environments.

Discord in the sights: Asyncrat’s “silent” strategy

The name may not say much to the generalist public, but for those who deal with cybersecurity, Asyncrat It is today one of the most subtle threats. This Remote Access Trojan allows attackers a complete control of infected machines: it can collect data, install plugins, end processes, update independently and even capture screens.

The most worrying data? There distribution technique. The attackers are exploiting Invitation link to Discord (apparently legitimate) to perform malicious downloads in the background. Once installed, the malware establishes a communication with remote servers, from which it receives commands to expand the infection.

“Asyncrat shows how the threat ecosystem is evolving towards the use of trusted platforms as attack carrier”explains Lotem FinkelsteinDirector of Threat Intelligence of Check Point. “This requires a rethinking of the safety approach, which must be multi-level and based on real-time intelligence.”

Ransomware Qilin, the constant that worries

Parallel, The Qilin group It continues to represent one of the most dangerous faces of the ransomware-as-a-service. Responsible for 17% of global ransomware attacksQilin targeted in particular the sectors with high strategic value such as Health and educationusing double extortion tactics: data encryption + sensitive information theft.

The group, also known as Agendause Highly customized Phishing email To compromise the corporate networks, and has established itself as one of the protagonists of the Ransomware scene, together with SafePay and Akira.

Mobile threats and sectors in the sights: the attacking surface widens

Mobile devices also remain under attack. Anubisan advanced Banking Trojan capable of bypass the authentication with two factorsis currently the most widespread mobile malware. Followed by AhmythRat Android disguised as legitimate apps, e Necrowhich transforms smartphones into botnet knots.

The most targeted sectors in the world? Instruction, public administration And telecommunications. Three areas where the critical infrastructure, the large user base and the amount of sensitive data make the defenses more complex to maintain.