ESET H1 2025 Threats: ClickFix, NFC Fraud, Ransomware
ESET’s H1 2025 Threat Report captures a turbulent half-year in cybersecurity: inventive social engineering, fast-evolving mobile threats, and turmoil among ransomware gangs reshaped the risk landscape.
Key highlights from ESET telemetry and research:
- ClickFix explodes: Up 500% vs. H2 2024 and now the second most common attack vector after phishing. It tricks users into running malicious commands via fake error-fix prompts. Payloads range from infostealers and ransomware to nation-state malware, hitting Windows, Linux, and macOS.
- Infostealers reshuffled: Agent Tesla wanes as SnakeStealer (aka Snake Keylogger) becomes the most detected infostealer. ESET supported disruption efforts against Lumma Stealer and Danabot, two major malware-as-a-service operations.
- Android threats escalate: Adware detections surged 160%, driven by the sophisticated "Kaleidoscope" campaign using an "evil twin" strategy to spread convincing lookalike apps that flood devices with intrusive ads and degrade performance.
- NFC fraud surges: More than a 35-fold rise, fueled by phishing and inventive relay techniques. Although absolute numbers remain modest, rapid iteration is clear—NGate, GhostTap, and most recently SuperCard show attackers adapting to new defenses.
- Ransomware in disarray: Infighting and disputes among gangs, with the top RaaS outfit RansomHub among those affected. 2024 data shows that attacks and active groups increased, yet ransom payments dropped significantly, likely due to takedowns, exit scams, and shrinking trust that gangs will uphold their promises.
Stay informed: Follow ESET Research on X, Bluesky, and Mastodon for ongoing insights, and explore the ESET Threat Intelligence page to bolster your organization’s defenses.
Source: WeLiveSecurity