Social media flooded with deepfake scams; Formbook is the No. 1 information stealer in new ESET report – Press Releases


The following text comes from a press release and in no way reflects the opinion of the editorial staff.

BRATISLAVA, December 16, 2024 — ESET has released its new Threat Report, which summarizes the threat trends observed in ESET telemetry from June to November 2024, as well as the views of its detection and research experts. One of the categories that has seen a shake-up is information stealers. The long-dominant Agent Tesla malware is being dethroned by Formbook, a well-established threat designed to steal a wide variety of sensitive data. Lumma Stealer is widely used by cybercriminals and appeared in several malicious campaigns in the second half of 2024; its detections increased by 369% in ESET telemetry. Social media has seen a wave of new scams that use deepfake videos and corporate-branded posts to lure victims into fraudulent investment schemes. These scams, tracked by ESET as HTML/Nomani, saw a 335% increase in detections between the last two reports. The countries with the most detections are Japan, Slovakia, Canada, Spain and Czechia.

“The second half of 2024 appears to have been a good time for cybercriminals. They looked for security vulnerabilities and innovative ways to expand their victim base. In our telemetry, we saw new attack vectors and new methods of social engineering, new threats skyrocketing and takedown operations, leading to upheavals in the well-established ranks,” explains Jiří Kropáč, Director of Threat Detection at ESET.

Among the information stealers, Redline Stealer, the well-known “information stealer as a service”, was taken down internationally in October 2024, but its demise is expected to allow other, similar threats to expand. The ransomware landscape has been reshaped by the dismantling of former leader LockBit, which created a void for other players to fill. RansomHub, a “ransomware-as-a-service”, claimed hundreds of victims by the end of the second half of 2024, establishing itself as the new dominant player. APT groups linked to China, North Korea and Iran are increasingly involved in ransomware attacks.

Cryptocurrency wallet data was a primary target for bad actors, with cryptocurrencies reaching record values in the second half of 2024. In ESET telemetry, we saw an increase in stealer detections across multiple platforms. The increase was most dramatic on macOS, where password-stealing software primarily targeting cryptocurrency wallet credentials more than doubled compared with the first half. AMOS (also known as Atomic Stealer), malware designed to collect and exfiltrate sensitive data from Mac devices, was a major contributor to this increase. On Android, financial threats targeting banking apps as well as cryptocurrency wallets increased by 20%.

For more information, read the ESET Threat Report H2 2024 at www.welivesecurity.com/
Also follow ESET Research on LinkedIn, Facebook, and X.

ABOUT ESET

ESET® provides industry-leading security to prevent attacks before they happen. With the power of AI and human expertise, ESET stays ahead of known and emerging threats, securing mobile, its AI-powered and cloud-focused solutions and services are effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption and multi-factor authentication. With 24/7 real-time defense and strong local support, ESET keeps users and businesses secure without interruption. An ever-changing digital landscape demands a progressive approach to security: ESET has world-class research and powerful threat intelligence, supported by R&D centers as well as a global network of partners. More information: www.eset.com or LinkedIn, Facebook, X and https://www.eset.com/be-fr/.
