Key Findings
ClickFix became the second most common attack method after phishing.
ESETESET Threat Report H1 2025·Jun 26, 2025
ClickFixPhishing
ClickFix was responsible for nearly 8% of all blocked attacks in H1 2025.
ESETESET Threat Report H1 2025·Jun 26, 2025
ClickFix
Before disruption, Lumma Stealer activity in H1 2025 was higher than in H2 2024 (+21%).
ESETESET Threat Report H1 2025·Jun 26, 2025
Infostealer
NFC-based fraud spiked by more than thirty-five-fold.
ESETESET Threat Report H1 2025·Jun 26, 2025
Fraud
Danabot activity was up even more, by +52%.
ESETESET Threat Report H1 2025·Jun 26, 2025
Bot
Yearly data from 2024 shows that while ransomware attacks and the number of active gangs have grown, ransom payments saw a significant drop
ESETESET Threat Report H1 2025·Jun 26, 2025
RansomwareRansom
Android adware detections jumped 160%.
ESETESET Threat Report H1 2025·Jun 26, 2025
AdwareAndroid
ClickFix, a new deceptive fake error attack vector, surged by over 500% compared to H2 2024 in ESET telemetry.
ESETESET Threat Report H1 2025·Jun 26, 2025
ClickFix