Inside ESET’s H1 2025 Threats: ClickFix to Ransomware

August 5, 2025 at 12:00 AM

Cybercrime got crafty in H1 2025. ESET’s latest Threat Report spotlights social engineering mind games, major infostealer crackdowns, and a dark‑web turf war among ransomware crews.

ESET Distinguished Researcher Aryeh Goretsky and Security Awareness Specialist Ondrej Kubovič unpack three big storylines on the ESET Research Podcast.

  1. ClickFix surges, FakeCaptcha deceives
  • ClickFix exploded from non-existent a year ago to the second most prevalent threat, driven by simple but highly persuasive prompts that trick users into clicking through security barriers.
  • A standout variant, FakeCaptcha, abuses the familiar human verification mechanism to weaponize trust and nudge victims into executing malicious commands.
  2. Infostealers face coordinated disruptions
  • Law enforcement and private sector actions hit several infostealer-as-a-service operations hard: RedLine/Meta Stealer (late 2024), plus recent operations targeting LummaStealer and Danabot.
  • The hosts explain why these services appealed to affiliates, how takedowns disrupt their economies, and where ESET research directly supported the operations.
  3. Ransomware ‘deathmatch’ on the dark web
  • In a bout of infighting, the lesser-known Dragonforce gang defaced data leak sites (DLS) run by rivals Mamona and BlackLock and ultimately knocked offline the DLS of then-leader RansomHub.
  • The episode examines what this escalation reveals about ransomware group dynamics and reputational jockeying.

Listen for a fast, practical breakdown, then dive deeper by downloading the ESET Threat Report H1 2025 from the Threat Reports section — no paywall or registration required.

Discussed

  • ClickFix and FakeCaptcha — 1:05
  • Whack-a-hack, infostealer edition — 9:20
  • Ransomware deathmatch — 18:40

Source: WeLiveSecurity
