Report by ESET

ESET Threat Report H1 2025

8 FINDINGSPublished Jun 26, 2025
View Original Report →

Key Findings

ClickFix became the second most common attack method after phishing.

ESETESET Threat Report H1 2025·10mo ago
ClickFixPhishing

ClickFix was responsible for nearly 8% of all blocked attacks in H1 2025.

ESETESET Threat Report H1 2025·10mo ago
ClickFix

Before disruption, Lumma Stealer activity in H1 2025 was higher than in H2 2024 (+21%).

ESETESET Threat Report H1 2025·10mo ago
Infostealer

NFC-based fraud spiked by more than thirty-five-fold.

ESETESET Threat Report H1 2025·10mo ago
Fraud

Danabot activity was up even more, by +52%.

ESETESET Threat Report H1 2025·10mo ago
Bot

Yearly data from 2024 shows that while ransomware attacks and the number of active gangs have grown, ransom payments saw a significant drop

ESETESET Threat Report H1 2025·10mo ago
RansomwareRansom

Android adware detections jumped 160%.

ESETESET Threat Report H1 2025·10mo ago
AdwareAndroid

ClickFix, a new deceptive fake error attack vector, surged by over 500% compared to H2 2024 in ESET telemetry.

ESETESET Threat Report H1 2025·10mo ago
ClickFix