
The second half of 2024 has seen significant shifts in the cyberthreat landscape, according to ESET’s latest Threat Report. The comprehensive analysis reveals evolving attack vectors, changes in malware dominance, and new social engineering tactics that are reshaping cybersecurity challenges globally. Security teams must adapt to emerging threats like Formbook infostealers, deepfake-powered scams, and innovative mobile attack vectors.
Executive Summary: Key Cybersecurity Trends
The ESET Threat Report H2 2024 highlights several critical developments that demand immediate attention from security professionals. Formbook has overtaken Agent Tesla as the most prevalent infostealer, while law enforcement scored a major victory with the takedown of RedLine Stealer. Cryptocurrency-related threats surged across all platforms, particularly on macOS systems following bitcoin’s record highs. Perhaps most concerning is the emergence of novel mobile attack vectors using Progressive Web Apps (PWAs) that bypass traditional security measures.
Infostealer Ecosystem Shakeup
The infostealer landscape underwent dramatic changes in the latter half of 2024. Formbook detections increased by over 200% compared to H1 2024, with Japan being the most affected country. ESET telemetry recorded more than 7,000 Formbook detections on a single day in September. Meanwhile, Lumma Stealer detections skyrocketed by 369%, often distributed through fake GitHub fixes and AI tool impersonations. The successful Operation Magnus takedown demonstrated that international cooperation can disrupt major cybercriminal operations.
Cryptocurrency Threats Reach New Highs
As bitcoin values exceeded $90,000 in November 2024, cryptocurrency-targeting malware saw unprecedented growth. macOS platforms experienced a staggering 127% increase in password stealers, with the United States, Italy, and China being primary targets. Attackers employed sophisticated social engineering tactics, posing as cryptocurrency investment advisors through poisoned Google ads. Windows systems saw a 56% rise in cryptostealers, while Android banking trojans like Cerberus continued evolving to bypass mobile security measures.
Innovative Mobile Attack Vectors Emerge
ESET researchers identified a dangerous new technique leveraging Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security protections. This method allows attackers to distribute fake banking apps that avoid app store vetting and appear completely legitimate to users. The attacks primarily targeted European banking customers, with some campaigns using NFC data relay from compromised phones to facilitate ATM withdrawals. This development represents a significant challenge for traditional mobile security approaches.
Deepfake Scams Flood Social Media
Investment scams using deepfake technology showed a 335% increase in detections during H2 2024. These sophisticated campaigns use low-resolution videos to mask rendering artifacts and feature unnatural speech patterns in AI-generated content. ESET blocked over 8,500 associated domains, with Japan, Slovakia, and Canada being most affected. The scams frequently appear on Meta platforms but have spread to YouTube and Google search results, demonstrating the growing challenge of AI-powered social engineering.
Ransomware Landscape Evolution
The ransomware ecosystem continued evolving after LockBit’s takedown, with RansomHub emerging as the dominant RaaS provider. New groups like Embargo introduced custom Rust-based tools and BYOVD techniques, while state-aligned actors entered the ransomware space. Interestingly, ESET telemetry showed a 23% overall decrease in ransomware detections, likely reflecting improved prevention at earlier attack stages rather than reduced threat activity.
Security Recommendations
To combat these evolving threats, organizations should prioritize several key security measures. Implement advanced email filtering for infostealer protection and educate users about PWA/WebAPK risks on mobile devices. Segment cryptocurrency wallet access and monitor for password-stealing activity, particularly on macOS systems. For social media threats, train employees to recognize deepfake indicators and implement web filtering for known scam domains. These layered defenses should be complemented with continuous threat intelligence updates.
Looking Ahead to 2025
The ESET Threat Report H2 2024 demonstrates cybercriminals’ rapid adaptation to new technologies and economic trends. As deepfake technology becomes more accessible and cryptocurrency markets remain volatile, these threats will likely intensify in the coming year. Security teams must remain vigilant, updating their defensive strategies to address both current threats and anticipated developments in the cyberthreat landscape.
For more detailed analysis and specific detection metrics, refer to the full ESET Threat Report H2 2024 on WeLiveSecurity.