
New Cyber Threat ClickFix Emerges: ESET's Alarming Threat Report Reveals Ransomware Surge
2025-06-30
Author: Jia
In an eye-popping new report, ESET has unveiled a severe threat landscape update that spans from December 2024 to May 2025, revealing a staggering surge in cyber threats. Topping the list of alarming developments is ClickFix, an insidious new attack method that saw a jaw-dropping 500% increase in activity compared to the latter half of 2024.
ClickFix, now a formidable presence in cybercrime, accounted for nearly 8% of all blocked attacks in the first half of 2025, making it the second most common attack vector after phishing. This malicious method tricks victims into executing harmful commands by presenting them with a fake error message, and it targets all major operating systems, including Windows, Linux, and macOS.
Jiří Kropáč, Director of Threat Prevention Labs at ESET, warned that the threats stemming from ClickFix are continually evolving. "From ransomware to infostealers, remote access trojans, and even custom malware engineered by nation-state actors, the landscape is rapidly changing," Kropáč stated.
Rising Infostealer Alarm: Meet SnakeStealer!
In the infostealer arena, a noteworthy transition has occurred. As the notorious Agent Tesla fades away, SnakeStealer (or Snake Keylogger) has emerged as the new front-runner, as seen in ESET’s telemetry. This powerful tool can log keystrokes, steal credentials, capture screenshots, and collect clipboard data, proving itself a major threat.
Moreover, ESET has spearheaded significant operations disrupting Lumma Stealer and Danabot, two well-known malware-as-a-service threats that were becoming increasingly prolific.
Ransomware Wars: Chaos among Gangs!
The ransomware scene remains chaotic, with rival gangs clashing and reshaping the landscape. Notably, the data from 2024 revealed that while ransomware attacks and the number of gangs surged, actual ransom payments plummeted. This drop may reflect a growing distrust in these gangs, likely a result of both police interventions and exit scams.
Android Adware on the Rise: Beware of Kaleidoscope!
On the mobile front, adware detections skyrocketed by an astonishing 160%, primarily due to a sophisticated new threat dubbed Kaleidoscope. This cunning malware employs a deceitful evil twin strategy to distribute harmful apps that overwhelm users with annoying ads, significantly degrading device performance.
Additionally, NFC-based fraud has surged more than thirty-five-fold, driven by inventive relay techniques and phishing campaigns. Although the overall figures seem modest, this spike underscores a swift evolution in the criminals' tactics.
GhostTap: A New Player in Mobile Fraud!
Research into GhostTap has revealed its chilling capabilities. By stealing credit card details, attackers can load victims' cards into their own digital wallets and make unauthorized contactless payments. These scams are scaled by organized fraud farms using multiple devices, while SuperCard X presents NFC theft as a 'harmless' app, stealthily capturing card data in real time.
Kropáč summarized the findings: "With innovative social engineering tactics, sophisticated mobile threats, and significant disruptions in the infostealer domain, the first half of 2025 has been anything but dull for the cybersecurity community."
Stay vigilant and informed as cyber threats continue to evolve. For further insights, the full ESET Threat Report for H1 2025 is available to explore.