A view of the H1 2025 risk panorama as seen by ESET telemetry and from the attitude of ESET risk detection and analysis consultants
26 Jun 2025
•
,
2 min. learn
From novel social engineering methods to classy cell threats and main infostealer disruptions, the risk panorama within the first half of 2025 was something however boring.
Some of the hanging developments this era was the emergence of ClickFix, a brand new, misleading assault vector that skyrocketed by over 500% in comparison with H2 2024 in ESET telemetry. Now the second most typical assault vector after phishing, ClickFix manipulates web customers into executing malicious instructions underneath the guise of fixing a faux error. The payloads on the finish of ClickFix assaults range broadly – from infostealers to ransomware and even to nation-state malware – making this a flexible and formidable risk throughout Home windows, Linux, and macOS.
The infostealer panorama additionally noticed vital shifts. With Agent Tesla fading into obsolescence, SnakeStealer (often known as Snake Keylogger) surged forward, turning into probably the most detected infostealer in our telemetry. In the meantime, ESET contributed to main disruption operations focusing on Lumma Stealer and Danabot, two prolific malware-as-a-service threats.
On the Android entrance, adware detections soared by 160%, pushed largely by a classy new risk dubbed Kaleidoscope. This malware makes use of a misleading “evil twin” technique to distribute malicious apps that bombard customers with intrusive adverts, degrading system efficiency. On the similar time, NFC-based fraud shot up greater than thirty-five-fold, fueled by phishing campaigns and ingenious relay methods. Whereas the general numbers stay modest, this bounce highlights the speedy evolution of the criminals’ strategies and their continued deal with exploiting NFC know-how. Every new iteration of NFC threats – from NGate to GhostTap, and most not too long ago SuperCard – demonstrates how attackers adapt to new safety measures.
The ransomware scene descended (even additional) into chaos, with fights between rival ransomware gangs impacting a number of gamers together with the highest ransomware as a service – RansomHub. Yearly knowledge from 2024 exhibits that whereas ransomware assaults and the variety of lively gangs have grown, ransom funds noticed a big drop. This discrepancy could also be the results of takedowns and exit scams that reshuffled the ransomware scene in 2024, but additionally partially resulting from diminished confidence within the gangs’ capacity to maintain their aspect of the discount.
Comply with ESET analysis on X, Bluesky and Mastodon for normal updates on key traits and high threats.
To study extra about how risk intelligence can improve the cybersecurity posture of your group, go to the ESET Menace Intelligence web page.
