ESET’s latest Threat Report offers a detailed look into the evolving cyber threat landscape between June and November 2024. Drawing insights from both its telemetry and research experts, the report highlights a major shake-up in the world of infostealers.
- Among infostealers, long-dominant Agent Tesla malware was replaced by Formbook; Lumma Stealer has increased by almost 400%.
- Company-branded and deepfake scams increasingly target social media users with fraudulent investment schemes, as they increased by 335%.
- RansomHub grew significantly and is now the dominant ransomware-as-a-service (RaaS) player.
- Cryptocurrency wallet data was one of the prime targets of malicious actors; the increase was most dramatic on macOS.
The once-dominant Agent Tesla has been overtaken by Formbook, a long-standing malware designed to siphon sensitive data.
Meanwhile, Lumma Stealer has risen in popularity among cybercriminals, playing a central role in several high-profile malicious campaigns. ESET reports a staggering 369% increase in Lumma Stealer detections during this period.
Social media platforms have also become a prime hunting ground for scammers. Fraudulent schemes using deepfake videos and fake company-branded posts have inundated users, preying on their trust with promises of lucrative investment opportunities.
The scams, identified by ESET as HTML/Nomani, surged by an alarming 335% in detections. The hardest-hit countries included Japan, Slovakia, Canada, Spain, and Czechia.
As these threats continue to diversify and scale, ESET’s report serves as a timely reminder of the ever-evolving tactics employed by cybercriminals and the critical need for vigilance in safeguarding digital ecosystems.
According to ESET Director of Threat Detection Jiří Kropáč the second half of 2024 seems to have kept cybercriminals busy finding security loopholes and innovative ways to expand their victim pool, in the usual cat-and-mouse game with defenders.
“As a result, we’ve seen new attack vectors and social engineering methods, new threats skyrocketing in our telemetry, and takedown operations leading to shake-ups of previously established ranks,” Jiří Kropáč said.
Among infostealers, notorious “infostealer-as-a-service” Redline Stealer was taken down by international authorities in October 2024. But it is expected that Redline Stealer’s demise will lead to the expansion of other similar threats.
The ransomware landscape was reshaped by the takedown of former leader LockBit, creating a vacuum to be filled by other actors.
RansomHub, a ransomware-as-a-service, stacked up hundreds of victims by the end of H2 2024, establishing itself as the new dominant player. China-aligned, North Korea-aligned, and Iran-aligned APT groups have been getting more involved in ransomware attacks.
With cryptocurrencies reaching record values in H2 2024, cryptocurrency wallet data was one of the prime targets of malicious actors. In our telemetry, this was reflected in a rise in cryptostealer detections across multiple platforms.
The increase was the most dramatic on macOS, where so-called Password-Stealing Ware – heavily targeting cryptocurrency wallet credentials – more than doubled compared to H1.
AMOS (also known as Atomic Stealer), malware designed to collect and exfiltrate sensitive data from Mac devices, was a significant contributor to this increase. Android financial threats, targeting banking apps as well as cryptocurrency wallets, grew by 20%.
