ESET has published its cyber threat report for the second half of 2025 (June–November). The main trend is the shift of cybercriminals to artificial intelligence tools and the rapid growth of attacks on mobile financial transactions.
🤖 The era of AI viruses: PromptLock and others
Experts have observed a shift from using AI for texts to creating autonomous malicious code:
-
PromptLock: The first AI-based ransomware program that instantly generates malicious scripts.
-
QuietVault: Uses AI prompts to intelligently search for confidential data in a compromised system.
-
PromptSteal: A cyber espionage tool linked to the Russian group Sednit (APT28).
💳 Surge in NFC threats (+87%)
Attacks targeting contactless payments and mobile devices have become significantly more sophisticated:
-
NGate: has been updated and can now not only intercept card data, but also steal contacts.
-
RatOn: new malware that combines the functions of a remote access Trojan and an NFC interceptor. It is distributed via fake Google Play pages and ads that mimic TikTok.
📈 Ransomware and investment fraud
-
Ransomware growth of 40%. The number of victims in 2025 has already exceeded last year’s figures. The most active groups are Akira and Qilin.
-
Nomani fraud. The number of investment scams has increased by 62%. Criminals are widely using high-quality deepfakes and spreading advertisements not only on Facebook but also on YouTube.
🌩️ Abnormal activity by CloudEyE (GuLoader)
The number of detections of this downloader has increased almost 30 times. It serves as a “gateway” for other dangerous viruses (Agent Tesla, Formbook). Most attacks were recorded in Poland (32%).
🛡️ ESET recommendations for protection
-
Download apps only from official stores (Google Play, App Store).
-
Be sure to use multi-factor authentication (MFA).
-
Do not trust videos featuring famous people promising “quick profits” (likely deepfakes).
-
Use comprehensive solutions (such as ESET HOME Security or ESET PROTECT) to proactively detect threats that bypass standard filters.
