
ESET Threat Report: ClickFix fake error surges, spreads ransomware and other malware
ClickFix attacks display a fake error that manipulates the victim into copying, pasting, and executing malicious commands on their devices. The attack vector affects all major operating systems including Windows, Linux, and macOS. 'The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors,' says Jiří Kropáč, Director of Threat Prevention Labs at ESET.
The infostealer landscape also saw significant shifts. With Agent Tesla fading into obsolescence, SnakeStealer (also known as Snake Keylogger) surged ahead, becoming the most detected infostealer in our telemetry. SnakeStealer's capabilities include logging keystrokes, stealing saved credentials, capturing screenshots, and collecting clipboard data. Meanwhile, ESET contributed to major disruption operations targeting Lumma Stealer and Danabot, two prolific malware-as-a-service threats. Before the disruption, Lumma Stealer activity in H1 2025 was higher than in H2 2024 (+21%) and Danabot was up even more, by +52%. This shows that both were prolific threats, making their disruption that much more important.
The ransomware scene further descended into chaos, with fights between rival ransomware gangs impacting several players, including the top ransomware as a service – RansomHub. Yearly data from 2024 shows that while ransomware attacks and the number of active gangs have grown, ransom payments saw a significant drop. This discrepancy may be the result of takedowns and exit scams that reshuffled the ransomware scene in 2024, but may also be partially due to diminished confidence in the gangs' ability to keep their side of the bargain.
On the Android front, adware detections soared by 160%, driven largely by a sophisticated new threat dubbed Kaleidoscope. This malware uses a deceptive 'evil twin' strategy to distribute malicious apps that bombard users with intrusive ads, degrading device performance. At the same time, NFC-based fraud shot up more than thirty-five-fold, fueled by phishing campaigns and inventive relay techniques. While the overall numbers remain modest, this jump highlights the rapid evolution of the criminals' methods and their continued focus on exploiting NFC technology.
Our research into GhostTap shows how it steals card details so attackers can load victims' cards into their own digital wallets and tap phones for fraudulent contactless payments worldwide. Organized fraud farms use multiple phones to scale these scams. SuperCard X packages NFC theft as a simple, minimalistic malware-as-a-service tool. It presents itself as a harmless NFC-related app; once installed on a victim's device, it quietly captures and relays card data in real time for quick payouts.
'From novel social engineering techniques to sophisticated mobile threats and major infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring,' summarizes Kropáč about the contents of the latest ESET Threat Report.
For more information, check out the ESET Threat Report H1 2025 on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown, securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts and blogs.

Related Articles


Mid East Info, 7 days ago
ESET joins Europol's Cyber Intelligence Extension Programme (CIEP) - Middle East Business News and Information
ESET, Europe's leading global cybersecurity company, is proud to announce its participation in the pilot phase of the Cyber Intelligence Extension Programme (CIEP), a new initiative launched by Europol's European Cybercrime Centre (EC3). The program aims to strengthen public-private cooperation in the fight against cybercrime by enabling real-time collaboration and intelligence sharing.

As part of this initiative, ESET Chief Research Officer Roman Kováč and Senior Malware Researcher Jakub Souček recently spent several days at Europol headquarters in The Hague meeting EC3 teams and exploring ways in which ESET's threat intelligence can directly support investigations into ransomware operations, payment fraud schemes, or complex cybercrime infrastructure. Europol functions as a people hub, a data hub, and a case hub, a place where collaboration, intelligence, and operations converge. ESET's team met with law enforcement officers from multiple countries, experiencing firsthand how one central platform fosters effective cross-border cooperation.

'We believe the CIEP sets a new benchmark for actionable intelligence sharing, joint operational readiness, and collective impact,' says Roman Kováč, Chief Research Officer at ESET.

ESET has a long history of collaboration with global law enforcement agencies, including in EC3's Advisory Group, where we are represented by ESET Senior Research Fellow Righard Zwienenberg. ESET has also contributed to successful law enforcement operations, including the takedowns of prominent threats such as Gamarue, RedLine, Grandoreiro, Lumma Stealer, and most recently, Danabot. The new CIEP initiative elevates this collaboration further, creating opportunities for direct, real-time engagement with Europol's operational teams. Public-private partnerships like this one are crucial in mitigating risks within today's rapidly evolving cyber threat landscape.
ESET extends sincere gratitude to Marijn Schuurbiers, Head of Operations, Gonçalo Ribeiro, Head of Cyber Intelligence and architect of the CIEP program, and to all dedicated professionals at EC3 for their continued efforts in enhancing the fight against cybercrime across Europe and beyond. Cyber threats evolve rapidly, but through partnerships such as this, so does our collective defense. Together we can make Europe a safer place.

Mid East Info, 31-07-2025
Red Hat Named a Leader in Multicloud Container Platforms by Independent Research Firm for 2025 - Middle East Business News and Information
Red Hat OpenShift is recognized for its robust capabilities in core Kubernetes areas, developer experience and enterprise-grade offerings

Red Hat, the world's leading provider of open source solutions, has announced that it has been named a Leader in The Forrester Wave™: Multicloud Container Platforms, Q3 2025 report. Red Hat scored the highest among evaluated vendors in both the current offering and strategy categories. Red Hat attributes this recognition to its strong execution in the multicloud container platform market.

According to the Forrester report, 'OpenShift is a good fit for enterprises that prioritize support, reliability, and advanced engineering, particularly in regulated industries such as financial services.' The report also notes that, 'customers consistently praise Red Hat's enterprise-grade offerings and support, especially for managed services…' Forrester's analysis found that 'Red Hat excels in core Kubernetes areas, offering robust operator options, powerful management, GitOps automation, and flexible interfaces via a GUI or command-line interface (CLI). OpenShift's SLAs of 99.95% for public cloud managed-service versions showcase Red Hat's capacity to engineer capabilities beyond those of native public cloud services.' Additionally, it states that, 'Developers will find just about everything they need with Red Hat's above-par scores in developer experience, service and application catalogs, microservices, service mesh, DevOps automation, and integration.'

Red Hat is also applying its entire hybrid cloud stack — from the critical Linux foundation of Red Hat Enterprise Linux to optimize model serving and advanced inference — to support generative AI (gen AI) development and operations.

Supporting Quotes

Mike Barrett, Vice President & General Manager, Hybrid Cloud Platforms, Red Hat: 'Red Hat continues to provide the leading platform for organizations navigating the complexities of multicloud environments. Being named a Leader in The Forrester Wave™ for Multicloud Container Platforms reinforces our commitment to delivering robust, enterprise-grade solutions that empower our customers to innovate with confidence across their hybrid cloud footprints. Our focus on core Kubernetes capabilities, strong developer experience and strategic AI integrations positions us well for the evolving needs of the market. Sovereign cloud, coupled with the digital independence required to get the most from AI, have made multicloud investments a leading priority for our global customers.'

About Red Hat, Inc.

Red Hat is the open hybrid cloud technology leader, delivering a trusted, consistent and comprehensive foundation for transformative IT innovation and AI applications. Its portfolio of cloud, developer, AI, Linux, automation and application platform technologies enables any application, anywhere—from the datacenter to the edge. As the world's leading provider of enterprise open source software solutions, Red Hat invests in open ecosystems and communities to solve tomorrow's IT challenges. Collaborating with partners and customers, Red Hat helps them build, connect, automate, secure and manage their IT environments, supported by consulting services and award-winning training and certification offerings.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company's current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.


Mid East Info, 31-07-2025
The hidden risks of browser extensions – and how to stay safe - Middle East Business News and Information
Phil Muncaster, guest writer at ESET, explains that not all browser add-ons are handy helpers; some may contain far more than you have bargained for.

What would we do without the web browser? For most of us, it's our gateway to the digital world. But browsers are such a familiar tool today that we're in danger of giving them a free ride. In fact, there are plenty of rogue extensions masquerading as legitimate ad blockers, AI assistants, or even security tools that are designed to steal our data, send us to malicious sites and flood our screen with popups. For example, earlier this year, a malicious campaign was uncovered that may have impacted dozens of extensions and compromised nearly three million users. Next time you're thinking about downloading a web browser add-on, think through the following risks.

Why extensions matter

Browser extensions are an increasingly popular vehicle for threat actors. They give attackers access to a vast amount of sensitive information, with people often trusting these add-ons, especially if they're downloaded from official sources. Extensions also provide multiple avenues for monetization and malicious activity, generally give attacks a better chance of success, and are a threat in corporate settings too, where they may often stay under the radar of security teams and tools. By installing an extension and granting it permissions, you could unwittingly be enabling malicious actors to access your most sensitive data – everything from browsing history to saved logins and session cookies, which could be abused to hijack your accounts.

When browsers go bad

A 2023 risk assessment of 300,000 browser extensions and third-party OAuth applications used in corporate environments revealed that half (51%) of the former were high risk and could potentially have caused 'extensive damage.' So how could they end up on your machine?

Malware may be hidden in legitimate-looking browser extensions, like those purporting to be ad blockers, PDF converters or even security enhancements. They could be packaged up and placed on browser stores for unwitting users to download, bundled with other software, shared through deceptive links, or uploaded to platforms outside your official web store, where hackers rely on users 'sideloading' them. Sideloading is particularly dangerous because third-party stores don't feature the kind of security reviews and other checks that official marketplaces have in place. That means they're more likely to feature harmful add-ons spoofed to appear legitimate. Alternatively, threat actors could hijack or acquire a legitimate extension and use it to send malicious updates to its entire user base. Sometimes, extensions can seem legitimate but are programmed to install new payloads with malicious capabilities on activation.

What can malicious extensions do?

The nefarious actions run the gamut and include:
- Stealing data, including usernames and passwords, browsing history, session cookies (which can be used to access your accounts without needing a password) and financial information. This may be sourced from your clipboard or browser, or obtained via keylogging as you type it in. The end goal is usually to either sell that data on the dark web, or use it directly to hijack accounts and commit identity fraud.
- Directing you to malicious or risky websites that may harbor malware, including infostealers and banking Trojans. Other sites may be spoofed to appear as if a legitimate brand, but are actually designed to harvest your personal and financial information and/or logins.
- Injecting unwanted ads and possible malware into your browsing experience. Ads could be monetized by threat actors, while malware may be designed to steal credentials or harvest other lucrative personal data for identity fraud.
- Backdooring your browser so that attackers can access your machine at any time in the future.
- Mining for cryptocurrency without your knowledge, something that can slow down or even wear out your machine completely.

Staying safe

To mitigate these risks, caution is always advised when you're on the hunt for a new extension. First of all, stick to legitimate web stores and closely scrutinize any new add-on. That might include checking the developer's credentials, reading reviews of the product and searching separately for it to see if it has been connected to any suspicious or malicious behavior in the past. Look closely too at its permissions. If it requests any that seem to go beyond what is needed for the product, it should be a red flag. As is the case with, for example, mobile apps, not many extensions should need access to your passwords or browsing data.

Additional tips to keep yourself safe include:
- Keep your browser updated so it's on the latest, more secure version at all times. This means it will be better protected against potential malware.
- Switch on multi-factor authentication on all your online accounts – that will go a long way toward keeping you safe even if a malicious browser extension does steal your passwords.
- To make your web browsing experience safer in general, consider using a secured browser mode that is offered together with other security-enhancing features by some security vendors. This mode comes in particularly handy when you perform financial and crypto transactions in your browser. Enhanced Safe Browsing in some common web browsers can also help you steer clear of malicious sites.
- Importantly, use security software from a reputable vendor, and perform periodic scans to check for anything suspicious running on your computer. It will go a long way towards preventing you from downloading malware from third-party sites or being redirected to a phishing site.

Every piece of software we install, no matter how small, comes with an element of trust; indeed, this trust may be particularly significant with browser extensions, as they operate directly within your gateway to the internet. Think carefully about the value or convenience that an extension provides versus the potential risk. Ultimately, the goal is to make informed choices about the add-ons you allow into your digital space. Be sure to source your browser extensions and, indeed, all other software from reliable providers.
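One way to put the article's advice about scrutinizing permissions into practice: an added example (not code from ESET or the article) that reads an extension's manifest and flags permissions that reach session cookies, browsing history, the clipboard, or every site you visit. The risk table and the sample "PDF converter" manifest are constructed for this example, not taken from any real extension.

```javascript
// Added example (not from ESET or the article): review a browser extension's
// manifest and flag permissions that reach far beyond what most add-ons need,
// the red flags the article says to look for before installing.
// The risk table and the sample manifest are constructed for this example.

const HIGH_RISK_PERMISSIONS = new Map([
  ["cookies", "can read session cookies, enough to hijack logged-in accounts"],
  ["history", "can read your full browsing history"],
  ["webRequest", "can observe every request the browser makes"],
  ["clipboardRead", "can read whatever you copy, including pasted passwords"],
  ["tabs", "can see the URL and title of every open tab"],
  ["nativeMessaging", "can talk to a native program outside the browser sandbox"],
  ["management", "can disable or remove other extensions, including security tools"],
  ["debugger", "can attach to pages and read or change anything on them"],
]);

// Host patterns that grant access to every site, not just one product's domain.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns one finding per risky permission, host pattern or content-script match.
function reviewManifest(manifest) {
  const findings = [];
  const declared = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  for (const perm of declared) {
    if (HIGH_RISK_PERMISSIONS.has(perm)) findings.push({ item: perm, why: HIGH_RISK_PERMISSIONS.get(perm) });
  }
  // Manifest V3 lists host access under host_permissions; V2 mixed it into permissions.
  for (const host of [...(manifest.host_permissions || []), ...declared]) {
    if (BROAD_HOSTS.has(host)) findings.push({ item: host, why: "runs on every website you visit" });
  }
  // Content scripts matching every site are host access by another name.
  for (const script of manifest.content_scripts || []) {
    for (const pattern of script.matches || []) {
      if (BROAD_HOSTS.has(pattern)) findings.push({ item: `content_script ${pattern}`, why: "injects code into every page you open" });
    }
  }
  return findings;
}

// True when the manifest asks for anything a single-purpose add-on should not need.
function isRedFlag(manifest) {
  return reviewManifest(manifest).length > 0;
}

// Constructed manifest for a fictional "PDF converter" whose permissions go
// well beyond converting documents (no real extension is implied).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Quick PDF Converter (constructed sample)",
  permissions: ["storage", "cookies", "history", "clipboardRead"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

for (const f of reviewManifest(SAMPLE_MANIFEST)) console.log(`[!] ${f.item}: ${f.why}`);
console.log(isRedFlag(SAMPLE_MANIFEST) ? "Red flag: permissions exceed what a PDF converter needs." : "Nothing unusual declared.");
```

To review a real add-on, unpack it and pass its parsed manifest.json to reviewManifest; the table only covers the permissions named in the comments, so treat an empty result as "nothing obvious", not as a clean bill of health.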