Sometimes, our telemetry data seems like the waters of a calm bay, with small, smooth waves gently rocking the ships anchored there to sleep. Other times, however, strong winds come and change everything, bringing towering waves and scattering the ships all over the place, transforming the terrain of the bay itself in the process.

ESET Threat Report H2 2024 felt a bit like that. Leading malware families were taken down by law enforcement; mobile devices saw the birth of a new, potentially very attractive, attack vector targeting both iOS and Android; there was yet another criminal “crypto gold rush”; and deepfake scams flooded social media.

In the first section of this latest ESET Research Podcast episode, ESET Distinguished Researcher Aryeh Goretsky and Security Awareness Specialist Ondrej Kubovič discuss the notorious number one infostealer Agent Tesla being replaced by its old competitor Formbook, the takedown of Redline Stealer and Meta Stealer, and a new social engineering technique fueling the rapid growth of Lumma Stealer.

They also take a closer look at a novel attack vector that works on both Android and iOS devices, one that misuses technologies that let mobile users install apps directly from websites through their mobile browsers.

In the final part of the H2 2024 episode, Aryeh and Ondrej also go over the booming numbers of investment scams on social media, detected as HTML/Nomani, describing the looks, social engineering, and impact of this fraudulent activity.

If any of the topics caught your interest, listen to the latest episode of the ESET Research podcast. If you prefer the “print” version, download the full H2 2024 report from the Threat Reports section of WeLiveSecurity.com.

Discussed:
  • Infostealer shakeup 2:10
  • A novel attack vector for iOS and Android 16:35
  • Nomani scams 27:00