ESET report flags first AI-driven ransomware and surging NFC fraud

Summary

Cybersecurity firm ESET’s H2 2025 Threat Report warns that AI is now actively embedded in real-world malware, highlighting PromptLock as the first known AI-driven ransomware that generates malicious scripts on the fly. The report also documents higher-quality deepfakes, AI-generated phishing sites and short-lived ad campaigns used in investment scams such as Nomani, whose detections rose 62% year-over-year before easing slightly late in 2025. On mobile, near-field communication (NFC) fraud is accelerating, with threats like NGate, RatOn and PhantomCard driving an 87% increase in NFC-related attack telemetry and introducing new combinations of RAT capabilities with relay attacks. While some traditional threats like Lumma Stealer have declined following takedowns, others such as the CloudEyE downloader have surged thirty-fold, often serving as a delivery mechanism for ransomware and infostealers. For defenders, the report underscores a dual challenge: adversaries are weaponizing generative AI for speed and scale, while also exploiting newer interfaces like NFC and ad platforms that many organisations still treat as peripheral.