Warning as AI-driven attacks and NFC threats rise

AI-powered malware moved from theory to reality in the second half of 2025, according to the latest threat report from ESET Research, which features data from June to November.

The digital security specialist discovered PromptLock, the first known AI-driven ransomware, capable of generating malicious scripts. While AI is still mainly used for crafting convincing phishing and scam content, ESET says that PromptLock – and the handful of other AI-driven threats so far identified – signal a new era of threats.

In ESET telemetry, detections of Nomani scams grew 62% year-over-year, with the trend declining slightly in H2 2025. Nomani scams have recently been expanding from Meta to other platforms, including YouTube. Jiří Kropáč, director of ESET threat prevention labs, said: “Fraudsters behind the Nomani investment scams have also refined their techniques. We have observed higher-quality deepfakes, signs of AI-generated phishing sites, and increasingly short-lived ad campaigns to avoid detection.”

Ransomware victim numbers surpassed 2024 totals well before the end of the year, with ESET Research projections suggesting a 40% year-over-year increase. The firm said Akira and Qilin now dominate the ransomware-as-a-service market, while low-profile newcomer Warlock introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators.

On mobile platforms, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemetry and several notable upgrades and campaigns observed in H2 2025. NGate received an upgrade in the form of contact stealing, potentially laying the groundwork for future attacks.

RatOn, an entirely new piece of malware on the NFC fraud scene, brought a rare fusion of remote access trojan capabilities and NFC relay attacks, showing cybercriminals’ determination to pursue new attack avenues. ESET says RatOn was distributed through fake Google Play pages and ads mimicking an adult version of TikTok, and a digital bank ID service.


