Since scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution and a sharp eye.

You’re scrolling through your Facebook feeds when, all of the sudden, a bright, blinking, and loud warning pops up. It claims your smartphone has been attacked by a virus or has technical issues and urges you to install a self-described cleaner app. Just a few taps and a few dozen bucks in in-app purchases later, and you’ll supposedly be rescued from malicious attacks and data loss.

image 1: Recording of a scareware ad. This particular ad is mimicking a virus alert.

However, in reality there are no real threats, nor any device issues. The messages, in fact are just standard paid advertisements on the Meta platform. Using rumble sounds and animations, they mimic device alerts trying to trick targets into believing their device is under attack or is malfunctioning. Such attacks are delivered via scareware. ESET discovered that one particular scareware campaign distributed these messages via more than 250 ads between February and April 2025 until it was shut down by Meta due to Unacceptable Business Practices by their clients.

Malicious campaigns like this show how easy it is to launch very believable scam campaigns that have the potential to reach hundreds of thousands of people. As scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution. The Essential tier of ESET HOME Security was already recognized last March as AV-Comparatives’ Product of the Year 2024, and now ESET HOME Security has evolved even further with enhanced anti-scam feature. This means users gain protections even in situations where well-crafted scams would have otherwise successfully defrauded their targets.

Try ESET HOME Security now!

 

How scareware works

Scareware usually describes malicious software or scams using scare tactics to manipulate users into downloading malware or buying unwanted software. To put it simply, scareware serves as a gateway for malware or scams.

Scareware as a scam can come in the form of unsolicited messages, pop-ups, or ads on social networks scaring users into obtaining unwanted and often harmful software. Scareware is often combined with  .

Scareware as a class of malicious software includes rogue security software and other scam software that tricks users into believing their computer is infected with a virus. Typically, it displays an alert message persuading users to download and pay for fake antivirus, cleaner apps, or other software to remove it. Usually, the virus is fictional, and the software is non-functional or actually malware.

image 2: An example of a fake security alert stressing the target to call technical support.

Removing malware by deleting pictures?

Now, let’s take a look at the abovementioned ESET-discovered scam campaign. It targeted iPhone users with messages ranging from “Apple security alert!” and “Photo damaged” to “Your phone has been hacked!” or “167 Virus attacking your system!”.

image 3: Recording of a scareware ad claiming that the phone is paralyzed by junk files, enticing the user to install a cleaning app.

The scammers have perfected their approach: believable visuals, splashing bright colors, using pseudo-official warnings, urging immediate action, and even imitating phone rumble notifications with specific audio.

The truth is that considering the current state of AI tools, none of those elements are hard to produce anymore. Being distributed via social media by the fake account going by the name “Clean forrr-0221”, these convincing individual ads could have reached anywhere from thousands to hundreds of thousands of users.

image 4: The advertiser’s profile on Meta Ad Library with hundreds of now inactive ads.

And what about the advertised solution? The promoted ad doesn’t claim to remove malware. Its description describes removing duplicate photos—a feature that many smartphones already have built in.

That being said, it’s important to add that scareware ads on social media can lead to different types of apps. Some of them can be dangerous spyware, while others can border on being useless or offer a completely different type of service to what the ad promised for a fee.

 

Don’t be scared out of your wits

Dealing with scareware involves a combination of awareness, prevention, and action:

Awareness is the first step; understanding that scareware is designed to frighten you into making hasty decisions can help you avoid falling for such a scam. Always be skeptical of unsolicited warnings and offers, especially those that create a false sense of urgency.

When it comes to prevention, here are a few basic steps you should take:

• Ensure your device’s security is up to date and use reputable antimalware software to detect and block malicious programs.
• Regularly update your operating system and applications to patch vulnerabilities.
• Use a pop-up blocker to reduce the chances of encountering scareware ads.
• Avoid clicking on suspicious links or downloading software from untrusted sources, and be cautious with emails from unknown senders.
• Before installing any app, read its description carefully, see reviews, and background-check its creator.

If you suspect that scareware has already infested your device, take immediate action. Run a full system scan with your antimalware software to find and stop possible threats. It also is advisable to change your passwords and monitor your accounts for any unusual activity, as scareware can sometimes steal credentials.

You can learn more about dealing with scareware here.

 

Brace yourself with ESET

Scareware may seem like a simple scam, but it can have serious consequences ranging from financial losses to data breach or identity theft due to its malicious nature or by leading to a follow-up compromise.

Comprehensive scam protection therefore requires proactive defense that covers multiple smart devices and can deflect various kinds of attacks while keeping cybersecurity management simple and clear. This is exactly what ESET HOME Security is designed for.

To illustrate this, let’s say that there is a scareware attacking your Windows device, prompting you to pay for and install fake antivirus software, which is in fact a spyware. ESET HOME Security Ultimate can protect you in multiple ways:

Antispam can be the first line of defense, as many scams and cyberattacks start as spam emails. Spam messages accounted for over 46.8% of email traffic in December 2023.

Anti-Malware can discover, recognize, and stop scareware, spyware, and other types of malware trying to compromise your device.

Anti-Phishing can prevent you from visiting a phishing website offering fake antivirus or other deals.

Safe Banking & Browsing creates a secure environment when accessing online banking or online payment gateways to keep your financial data safe.

ESET Identity Protection is a last line of defense in case attackers have already stolen your data and are now selling it on the Dark Web. ESET Identity Protection detects these activities thanks to continuous black-market monitoring, and alerts you.

ESET VPN – A VPN assigns you a new IP address while making your online traffic secured and encrypted. In this way it can protect you against cybercriminals trying to intercept your data or track your online activity and use all these information (such as stolen credentials) for further scams.

ESET HOME Security also utilizes ESET Mobile Security for Android, which is a stand-alone solution recognized for its robust protection including Antivirus, Payment Protection, Anti-Phishing, Adware Detector, Anti-Theft and much more. Even Apple users can benefit from ESET HOME Security thanks to additional layers of protection such as Identity Protection and VPN.

Small Office/Home Office owners can stay protected from scareware thanks to ESET Small Business Security. It utilizes most of the above-mentioned features including Antivirus & Antispyware, Anti-Phishing, Safe Banking & Browsing, VPN, and extra layer of protection for Windows Server users—Safe Server.

 

Peace of mind

In the world of believable automated large-scale scams, simple in-built antivirus is not enough. Scareware preys on our human instincts to deal with sudden threats immediately, without thinking it through. Having a top-notch award-winning cybersecurity solution can bring peace of mind into even those stressful situations.

 

Threat actors targeting mobile users usually go for their victims’ personal information or their money.

From messaging app copycats, toolkits simplifying marketing-scam creation, and on to malware taking advantage of the popularity of gaming-apps, threats to mobile users take on many forms and are constantly evolving.

Check this list of recent malicious mobile campaigns discovered by ESET researchers that target the Android OS to better recognize how these threats look.

If you want to protect your mobile device against such attacks, try ESET Mobile Security.

 

StrongPity espionage campaign

In early 2023, ESET researchers published a blog about the StrongPity a malware campaign which spread a trojanized version of the hugely popular Android Telegram app. It was re-packaged and presented as “the” app for the video-chat service Shagle, despite the fact that Shagle doesn’t have an official app. The fake app was then distributed from a copycat Shagle website.

image 1. Comparison of the legitimate website on the left and the copycat on the right

Ultimately, criminals used Shagle’s popularity, the app has 2.5 million active users, to spread this malware and its diverse spyware features, including 11 functions that are responsible for recording phone calls, collecting SMS messages, call logs, contact lists, and much more. If a victim grants the malicious StrongPity app access to their phones accessibility services, it will also be able to monitor incoming notifications and will be able to steal communications from 17 apps such as Viber, Skype, Gmail, Messenger, or Tinder.

 

Transparent Tribe Campaign

In March 2023, ESET researchers published a blog about a cyberespionage campaign that distributed CapraRAT backdoors through trojanized and supposedly secure Android messaging apps; the apps  also accessed and removed sensitive information. Victims were likely targeted through a honey-trap romance scam where they were initially contacted on one platform and then convinced to use supposedly “more secure” apps, which they were then lured into installing.

image 2. Distribution website of CapraRAT posing as MeetUp

After the victim signs into the app, CapraRAT then starts to interact with the server operated by the cybercriminal by sending basic device info while it waits to receive commands to execute. Based on these commands, CapraRAT is capable of stealing call logs, contact lists, SMS messages, recorded phone calls, recorded surrounding audio, CapraRAT-taken screenshots, CapraRAT-taken photos, and much more.

It can also receive commands to download files, launch any installed app, kill any running app, make calls, send SMS messages, intercept received SMS messages, and download updates and request the victim to install them.

 

Not-so-private messaging

At the beginning of 2023, ESET researchers discovered dozens of copycat Telegram and WhatsApp websites mainly targeting Android and Windows users with trojanized versions of these instant messaging apps.

image 3. Distribution diagram of trojanized messenger apps

Most of the malicious apps identified by ESET researchers are clippers, a type of malware that steals or modifies the contents of the clipboard. Some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices. All of them were chasing after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets.

 

Android Gravity RAT

In June 2023, ESET researchers published research on Android GravityRAT spyware. This malware was distributed within the malicious but functional messaging apps BingeChat and Chatico — both based on the OMEMO Instant Messenger app.

image 4. Distribution website of the malicious BingeChat messaging app

This spyware can steal call logs, contacts, SMS messages, device location, basic device information, and files with specific extensions, such as jpg, png, txt, pdf, etc. GravityRAT can also access and steal WhatsApp backups and receive commands to delete files.

 

SpinOk

In the second half of 2023, ESET telemetry detected an 89% increase in Android malware detections primarily due to a mobile marketing software development kit (SDK) – a digital tool box- that ESET identifies as SpinOk Spyware. This toolbox was offered as a gaming platform and was incorporated into numerous legitimate Android apps, including many available on official app marketplaces.

image 5. Android/SpinOK detection trend in H2 2023, seven-day moving average

Once an app with the aforementioned SpinOK toolkit is installed, it operates like spyware, connecting to the criminal’s command-and-control server and stealing a range of data from the device, including potentially sensitive clipboard (short-term storage) contents.

 

Telekopye

In 2023, ESET researchers found the source code of a toolkit that helps well-organized groups of scammers to conduct online-shopping scams without being particularly well-versed in IT. The toolkit, which ESET researchers have named Telekopye, creates phishing web pages from predefined templates, generates phishing emails and SMS messages, and sends them to targeted users.

image 6. Generated fake screenshot (template on the left, template filled with sample text on the right)

First, attackers find their victims, then they try to earn their trust, so they fall for either a buyer scam, a seller scam, or a refund scam. When attackers think that a victim sufficiently trusts them, they use Telekopye to create a phishing web page from a premade template and then send the URL to the victim. For example, attackers trick a victim into buying a non-existent item and then send them a link to a phishing web page resembling the payment page of the legitimate online marketplace listing the reputed item.

After the victim submits card details via this page, the attackers use these card details to steal the victim’s money.

 

Kamran

In late 2023, ESET researchers identified a possible watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan. When opened on a mobile device, the Urdu version of the Hunza News website offered readers the possibility to download the Hunza News Android app directly from the website; however, the app had malicious capabilities, specifically espionage.

The Kamran spyware in question displayed the content of the Hunza News website and contains custom malicious code. Upon launching, Kamran prompts the user to grant permissions to access various data stored on the victim’s device. If permissions are granted, Kamran spyware automatically gathers sensitive user data, including SMS messages, contacts list, call logs, calendar events, device location, list of installed apps, received SMS messages, device info, and images.

image 7. English (left) and Urdu (right) versions of Hunza News shown on a mobile device

 

EvilVideo

ESET researchers discovered a zero-day exploit that targets Telegram for Android, and appeared for sale for an unspecified price in an underground forum post on June 6, 2024. Using the exploit to abuse a software vulnerability that researchers named EvilVideo, attackers could share malicious Android content via Telegram channels, groups, and chat, and make them appear as multimedia files. The exploit only works on Android Telegram versions 10.14.4 and older. After ESET researchers approached Telegram, they fixed the issue.

The exploit seems to rely on the threat actor being able to create a malicious payload (content) that displays an Android app as a multimedia preview. Once shared in a chat, the payload appears as a 30-second video. Since media files received via Telegram are set to download automatically by default, it means that users with the option enabled will automatically download the malicious payload once they open the conversation where it was shared. The option can be disabled manually; in that case, the payload can still be downloaded by tapping the download button in the top left corner of the shared “apparent” video.

 

Threats targeting Hamster Kombat players

In mid-2024, ESET researchers discovered and analyzed two threats abusing the success of Hamster Kombat, an in-app Telegram clicker game where players earn fictional currency by completing simple tasks and incentives to log into the game daily.

The first threat is a fake, non-functional, malicious app resembling the Hamster Kombat app that contains Ratel Android spyware capable of stealing notifications and sending SMS messages. The malware operators use this functionality to pay for subscriptions and services with the victim’s funds without the victim noticing.

image 8. Malicious Hamster Kombat access requests

The second threat is a collection of fake websites that mimic app stores claiming to have Hamster Kombat available for download. However, tapping the “Install” or “Open” buttons only leads the user to unwanted advertisements.

 

Phishing in PWA applications

In mid-2024, ESET Research published a blog about an uncommon type of phishing campaign targeting mobile users who are clients of a prominent Czech bank. This technique is noteworthy because it abuses a Progressive Web Application (PWA), allowing the installation of a phishing app from a third-party website without the user having to allow third-party app installation.

The initial sources of this campaign included automated voice calls, SMS messages, and social media malvertising that ultimately encouraged victims to open a phishing URL redirecting them to a fake Google Play Store page for the targeted banking application, or a copycat website for the application.

image 9. Example of a malicious advertisement used in these campaigns

After visiting these fake websites, Android users saw a pop-up ad enticing them to install the malicious application resembling the legitimate banking application. The application was, in fact, created with WebAPK technology that enables the creation of web applications that can be installed on Android devices as if they were native, or legitimate. This allows users to install PWAs to their home screen on Android devices without having to use the Google Play Store.

 

NGate

While monitoring a malicious campaign that abuses Progressive Web Application (PWA) to steal banking credentials from targets in the Czech Republic, ESET researchers uncovered a truly novel attack related to the previous campaign. In August 2024, ESET published a blog about the same criminal group improving their techniques to enable unauthorized ATM withdrawals from the bank accounts of clients at three Czech banks.

image 10. NFCGate architecture (source: https://github.com/nfcgate/nfcgate/wiki)

First, cyber criminals deceived victims into believing that they were communicating with their bank and then tricked them into downloading and installing a fake banking app with a unique malware that ESET has named NGate. The malware clones near-field communications data (NFC) from victims’ payment cards using NGate and sends this data to an attacker’s device. That device was then able to imitate the original card and withdraw money from an ATM.

 

Nomani

In 2024, social media saw a flood of new scam ads propagating “secret” investment opportunities, miraculous dietary supplements, and legal or law enforcement assistance.

To make these offers appear credible, criminals abused brands of local and global businesses or use AI-generated deepfake videos featuring famous personalities apparently guaranteeing the legitimacy of the advertised products. The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information.

 

Ghost Tap

Shortly after ESET researchers discovered the novel attack method — NGate stealing near-field communications data (NFC) from victims’ payment cards — cybercriminals improved upon the technique.

Using various phishing tricks, criminals persuade victims to reveal their payment card details together with a one-time passcode to confirm the card for a digital wallet. Then, with the card data and code at their disposal, the attackers register the stolen credentials in their own Apple or Google wallets, relay these loaded wallets to other devices, and make fraudulent contactless payments anywhere in the world.

image 11. Geographic distribution of NFC-related Android malware and scams in H1 2025

 

 

Conclusion

There are two main takeaways from these cases:

First, as you can see, some of these cyberattacks and scams can be spotted right away, if users pay attention and have some knowledge of security awareness. Research blogs, such as those previously mentioned, may serve as valuable sources. Android users who stay informed about newly discovered malware and emerging scams can enhance their risk awareness, enabling them to better safeguard against future online threats.

Second, certain malicious campaigns are more sophisticated and challenging to spot. Furthermore, cybercriminals often target vulnerable groups, including children and the elderly, who may be less prepared to confront such dangers. In any case, it is always good to have a reliable cybersecurity solution such as ESET Mobile Security that can detect and neutralize these threats — ideally before any damage occurs to your device or data.

Source: ESET

Date: 22 October 2025

Improved ESET HOME Security battles the growing threat of digital scams.

If you’ve been thinking that you aren’t an interesting target for digital scammers because you are an average person, your bank account isn’t overflowing with cash, and your online activities are mundane, ask yourself these four questions:

Do I have at least one online account of any kind? Do I have a name? A birth date? A home address?

Of course, you do! And all these are valuable data for cybercriminals.

In general, scams are no longer isolated incidents conducted by individual swindlers targeting important people. No, today they are mass-produced, automated, AI-powered, ever-present threats that will, at some point, come to our digital doorsteps.

Recognizing scams as one of the biggest threats to people’s digital lives, ESET has updated ESET HOME Security, the all-in-one protection for households, by boosting its anti-scam capabilities.

PROTECT YOUR HOUSEHOLD NOW!

Because scams endanger small businesses with no or only a few employees, much like the demographics of households, ESET also incorporated these improvements to ESET Small Business Security

 

Scams are everywhere

People in the U.S. recognize cybercrime as a serious threat, but at the same time, they don’t fear scams going after their finances so much—only 37% of them expect to be targeted in the next year. The reality, however, is much darker.

Cumulatively, scams are a global threat that siphoned away over $1.03 trillion globally in 2023, a figure similar to the entire GDP of countries like South Africa, Singapore, or Colombia.

Global Anti-Scam Alliance (GASA) data shows that almost half of the world’s population encounters a scam at least once a week and that the U.S. suffers from the highest scam losses, averaging $3,520 per victim.

The costliest frauds targeting individuals as reported to the FBI in 2024: 

• Investment Scams: $6.6 billion
• Tech Support Scams: $1.5 billion
• Personal Data Breaches: $1.5 billion
• Non-Payment/Non-Delivery Scams: $0.8 billion
• Confidence/Romance Scams: $0.7 billion

 

Real-life stories

What ESET researchers see is not only the sheer volume of scams but also their increased complexity and seeming credibility. Fraudsters now have tools, including AI, that allow them to create sophisticated scams with less effort than ever before.

For example, in the second half of 2024, ESET telemetry detected a flood of scam ads, recognizing them under the name Nomani (a wordplay referring to “no money”). Using AI and deepfakes featuring famous personalities such as Joe Rogan or Elon Musk, these ads promoted “secret” investment opportunities, miraculous dietary supplements, and legal or law enforcement assistance. But as the name suggests, those lured into the scams ended up with no money and no real product or service.

Ondrej Kubovič explains Nomani the investment scam:

 

The hyperscaling of scams and the availability of supporting resources delivered as a service in the underworld can be also demonstrated by Telekopye, an ESET-discovered Telegram bot offered on the black market for a price, allowing its customers — scammers — to easily create their own scam campaigns. Its capabilities vary from fully automated phishing webpages to fraudulent email spam campaigns.

Image 1: This toolkit, used in Telekopye marketplace scam operations, creates phishing links for the seller scam scenario.

 

If you are among those 67% percent of people who are confident in their abilities to detect scams, be aware that some scams can go far beyond just simple phishing attempts or AI-generated ads.

Recently, ESET researchers uncovered a novel multi-staged attack scenario in which cybercriminals combine various scam tactics to impersonate bank employees protecting customers from a cyberattack in order to wipe out the bank accounts of unknowing victims. This scenario includes pretexting (a fabricated story), phishing, tech support fraud, and a malicious phone app that steals near-field communications (NFC) data for contactless payments.

While it may seem that the scope of this complicated scenario is limited, cybercriminals have already started to try it all around the globe and have found a way to scam people en masse.

 

How to protect your household

Considering the volume of reported scams, the success rate of financial fraud is shockingly high (37% in the U.S. and 35% in the U.K.). This means that from now on, public awareness and risk prevention should become second nature. Let’s highlight the basics:

Verify before trusting – Rule No. 1 is always verifying the identity and the request/offer of anyone who contacts you unexpectedly — especially if they ask for money or personal information.

– Recognize common scams, and encourage your family members to discuss any incidents they’ve encountered, so you can deal with them together.

Secure your accounts – Ensure that all your family’s online accounts have strong, unique passwords. ESET Unique Password Generator is a good start. If possible, enable Two-Factor Authentication (2FA).

Stay updated – Keep your software, including cybersecurity programs, up to date. Don’t forget about routers.

Report suspicious activity: If you or a family member falls victim to a scam, don’t hesitate to report it to the authorities — they really can help. The FBI’s Financial Fraud Kill Chain has a 66% success rate in freezing reported transactions.

 

Stop scams with reliable cyber protection

When you have several family members using multiple smart devices, protecting everyone all the time is not an easy task. Robust cyber protection is necessary, but home admins are, naturally, also worried about the affordability and usability of comprehensive solutions.

These concerns aren’t new to ESET, which has been developing and fine-tuning its solutions for more than 30 years. To address all the requirements of you home admins, ESET has created ESET HOME Security, a powerful all-in-one protection solution with multiple product tiers available so that households can configure their protection based on their specific needs. ESET is proud to see that even its Essential tier was recognized last March as AV-Comparatives’ Product of the Year 2024, thanks to its reliability, performance, and user experience.

Table 1: Overview of available features in ESET HOME Security and ESET Small Business Security subscription tiers

With its latest update, ESET HOME Security can deliver even better results when battling both scams and malware. See the features available for Windows users:

Antispam – Emails are one of the most abused online services when it comes to scamming people. With a watchful antispam feature, users can dodge many of those attempts.

Malware protection – This is the crown jewel of ESET technology, combining various advanced reputation and analytical tools to discover, recognize, and stop malware.

Ransomware protection – ESET Ransomware Shield is designed to detect and block processes that resemble ransomware. The now-updated ESET HOME Security also includes the award-winning Ransomware Remediation feature, which creates backups of affected files after a potential ransomware threat is identified.

Phishing protection – With ESET Anti-Phishing, you can stay safe from scams and fake websites. Guard your browser, social apps, SMS, and links from attempts to steal your sensitive information.

ESET Safe Banking & Browsing – This is a browser extension for elevated security and privacy complemented by Website Security Inspector. It scans the rendered HTML directly in the browser, enabling users to distinguish easily between safe and unsafe search results. Stay protected from phishing websites and other threats. Clear your browser data on demand or automatically, reducing digital clutter and optimizing browser efficiency.

ESET Device Control – This tool monitors and alerts users to access attempts to various devices, including webcam and microphone.

 

“Three things are certain in life”

Before the digital age, the saying used to be that there were only two things certain in life: death and taxes. Based on available data and global user experience, perhaps it’s time to add “scams” to the list.

In a world where any pop-up, ad, SMS, email, phone call, URL, or download button could be the start of a scam, reliable online protection can’t only pivot around the detection of malware on devices. ESET understands that modern scammers use a wide variety of tactics and tools, so reliable protection for households needs to be robust, multilayered, and focused on prevention.

With ESET HOME Security, you and your family members can rest assured that your finances and valuable data are safe.

PROTECT YOUR HOUSEHOLD NOW!

 

Source: ESET

Date: 21 October 2025

BRATISLAVA — October 21, 2025 — ESET, a global leader in cybersecurity solutions, today announces its upgraded consumer offering, ESET HOME Security and its Small Office/Home Office (SOHO) offering, ESET Small Business Security. The update introduces new features such as Ransomware Remediation, along with enhanced functionalities within existing features, including Microphone Monitor and Website Security Inspector. This launch also appreciates VPN as a critical cybersecurity tool. To that end, ESET has made ESET VPN available not only to ESET HOME Security Ultimate users, but also to those with ESET HOME Security Premium.

Recognizing scams as a global threat that can harm virtually anyone, anywhere, at any time, ESET now delivers enhanced scam protection, addressing attacks vectoring from all types of sources, including SMS, email, phone calls, URLs, QR codes, malicious files, and more.

The updated ESET HOME security management platform also introduces simplified security management, making it easier for home admins to protect their families, and SOHO owners to observe exactly who and what are protected, and to distribute security apps with a consistent, simplified experience.

“As a progressive digital life protection vendor, ESET carefully monitors the current threat landscape and develops its protection solutions accordingly,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET. “Heightened scam protection, added Ransomware Remediation, and multiple privacy protection improvements make both ESET consumer and SOHO offerings robust, all-in-one solutions for households and Small Office/Home Offices seeking reliable security that has low impact on performance and is easy to use.”

ESET HOME Security and ESET Small Business Security are available across all major operating systems—Windows, macOS, Android, and iOS—and cover all typical smart home devices. On top of that, ESET Small Business Security also protects Windows servers.

 

Key ESET HOME Security (for Windows) – improvements include:

Added Ransomware Remediation — Originally developed for large businesses, Ransomware Remediation minimizes the impact of ransomware attacks. Once a potential ransomware threat is identified by ESET Ransomware Shield, ESET Ransomware Remediation immediately creates backups of affected files, and after the threat is mitigated, it restores the files, effectively reverting the system to its previous state.

Enhanced privacy protection — New Microphone Monitor detects, and alerts users to, any unauthorized attempts to access the microphone hardware on Windows devices.

Enhanced browser security — New Website Security Inspector adds an extra layer of protection against phishing, scams, and malicious websites. This feature scans the rendered HTML in the browser to detect malicious content that can’t be detected on the network level and by URLs blacklist.

 

Key ESET Cyber Security (for macOS) enhancements – (new features and updates):

macOS 26 Tahoe support — User can enjoy ESET Cyber Security on the latest version of macOS.

HTTPS & HTTP/3 support — Improves overall end-user protection when online.

Device Control — This feature monitors and manages external devices connected to the Mac. It helps protect against malware and unauthorized transfers of data by restricting access to specific device types or even individual devices.

All these improvements are designed to address the evolving threat landscape with special attention to prevention. ESET also believes in the importance of both cyber hygiene and user experience because truly effective cybersecurity should be easy to set up and administer.

More information about the consumer offering and subscription tiers can be found here. Detailed description of SOHO offering is available here.

Table 1: Overview of available features in ESET HOME Security and ESET Small Business Security subscription tiers

 

Source: ESET

Date: 28 Oct 2024

ESET levels up its Mobile Security app to be even more effective against phishing.

Smartphones have become an integral part of our social lives. From children to teens and on to adults and the elderly, globally, the average user now spends almost four hours daily staring at their mobile phone. There’s really no point in naming all the things people can use their mobile phones for. From social interaction to shopping, gaming, and so on… you know what they are capable of.

These capabilities, however, come at a price. The variety of things people can do on their mobile phones creates one huge, messy cyberthreat landscape with criminals trying to steal victims’ money, data, and identities, sometimes demanding a ransom for their return.

This blog will show you some real-life examples described by ESET researchers of what such threats look like. As you will see, some of them are no longer simple scams that can be easily spotted, but are instead sophisticated, multi-staged and AI-driven attacks that require much stronger defenses than a watchful eye and simple antivirus.

The long list of ESET research pieces on this topic demonstrates how carefully ESET studies these threats. And ESET experts are not just watching. More than ten years ago, ESET created award-winning multilayered protection against a multitude of Android security issues called ESET Mobile Security, which has been protecting millions of people around the globe. Now ESET is coming forward with improved Phishing Protection, extending threat coverage even more.

TRY ESET MOBILE SECURITY NOW!

 

Anyone can be a target

There are 4.8 billion smartphone users, which is more than half of the current global population of 8.2 billion people. Statista estimates the smartphone user base to reach 6.4 billion by 2029.

According to a 2024 survey conducted by the data management firm Harmony Healthcare IT, phone screen time increases with every generation. While U.S. baby boomers (people born from 1946 to 1964) spend 3.5 hours per day with phones in their hands, millennials’ use of phones is one hour longer, and Generation Z spends an average of 6 hours and 5 minutes on their phone daily.

And just as smartphone usage is rising, so is the total volume of detected Android malware, increasing from 1.7 million in July 2014 to 35.2 million as of July 2024, according to the AV-TEST Institute’s data.

While the usage of mobile phones grows, so does the increase in user susceptibility to phishing attacks. Global data gathered in 2022 shows that encounters of personal mobiles with phishing rose from 35.46% in 2020 to 53% in 2022, and the percentage of mobile users who tapped on six or more phishing links almost doubled from 14.3% to 27.6% within this time period.

 

Threats are out there

Let’s see several of the latest examples of mobile threats, some covered by the latest ESET Threat Report (H1 2024).

ESET experts complemented the research conducted by Group-IB’s Threat Intelligence unit, describing the GoldPickaxe malware family available for both iOS and Android, targeting victims in the Asia-Pacific region.

This malware can steal a victim’s sensitive personal information from financial apps such as Digital Pension for Thailand despite a requirement that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication.

To achieve that, threat actors steal victims’ biometric data and utilize AI-driven face-swapping services to create deepfakes.

Another example shows that scammers don’t hesitate to even target children. According to the latest Threat Report, ESET telemetry detected phishing scams abusing Roblox, a sandbox gaming platform very popular with kids and available on multiple operating systems (including Apple and Android). Roblox contains virtual currency named Robux that can be purchased with real money, which makes it attractive for cybercriminals. The Roblox community has created a long list of Roblox threats here.

Also, using ESET detection engines in combination with other sources, ESET researchers recently discovered espionage campaigns spreading fake apps or trojanized and reverse-engineered legitimate apps to Android users in Egypt and Palestine. Threat actors used dedicated phishing websites to distribute malicious apps impersonating legitimate chat apps, a job opportunity app, and a civil registry app.

Another recent malicious campaign uncovered by ESET researchers and run in the Czech Republic targeted clients at three Czech banks to facilitate unauthorized ATM withdrawals from the victims’ bank accounts.

NFCGate architecture (source: https://github.com/nfcgate/nfcgate/wiki)

At first, cyber criminals deceived victims into believing that they are communicating with their bank, and then tricked them into downloading and installing a fake banking app with the unique malware that ESET named NGate. The malware then clones near field communications data (NFC) from victims’ payment cards using NGate and sends this data to an attacker’s device that is then able to imitate the original card and withdraw money from an ATM.

Just this handful of recent examples shows how large of a portfolio of tools cybercriminals have at their disposal. Notice the variety of their targets – children playing games or adults seeking a job, wanting to chat, or doing financial operations.

 

ESET Mobile Security

To deal with these scenarios, both individual users and households need a reliable security solution capable of stopping threats, ideally before they execute and cause any harm.

ESET Mobile Security provides award-winning protection against a multitude of Android security issues such as viruses, ransomware, adware, and other malware, or unwanted permissions given to applications. It also offers multilayered protection against phishing, smishing, and scams.

Here is a brief list of some features:

Antivirus – Protects against malicious app installs and from malicious apps downloaded from app stores. With permission, Antivirus can also check all files on the mobile device.

Anti-Phishing – Protects against malicious websites attempting to acquire users’ sensitive information on the most used browsers and social networks including Facebook, Facebook lite, Instagram, and Facebook Messenger. SMS notifications are also covered. It also protects from accessing phishing or fraudulent sites that can be used, for example, to distribute malicious apps.

Link Scanner – This year, ESET introduced Link Scanner, which allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked before being redirected to the browser.

Remember the Roblox attacks? Some of them start exactly with phishing links received via in-game messages or found in fake profiles used by scammers.

Adware Detector – Sometimes a user cannot identify which app is causing annoying unwanted pop-ups. The ESET Adware Detector functionality tracks all apps that are shown on the screen so the user can easily identify the app that should not be running and delete it.

Payment Protection – This is a safe launcher for financial apps, ensuring that other apps on your device will not be able to recognize the launch of a sensitive app, nor allow other apps to replace or read the screens of the financial app in question. This makes use of finance or other sensitive apps safer.

Anti-Theft – The ESET Anti-Theft feature protects your mobile device from unauthorized access, enables you to monitor foreign activity, and tracks your device’s location. You can also display a message to the finder if your device is lost.

 

What about iOS?

There may be some iOS users who still hold on to the myth that their devices are secure simply because of the way these operating systems are built – applications on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This environment also prevents external antivirus apps for iOS from working properly.

However, there are notable cyber incidents, proving that iOS is not impenetrable. Therefore, iOS users should enhance the security of their devices with additional layers such as  , Identity Protection*, and Password Manager.

All of these are available for both iOS and Android users via ESET HOME Security, the recently upgraded all-in-one solution created for consumers who want to protect their household against all kinds of cyberthreats.

 

Be prepared for anything

Packed with tons of features and capabilities, mobile devices should make our lives easier, and not trigger headaches due to cyberthreats. That is why multi-layered protection focusing on prevention is needed.

Being a security leader with more than three decades of experience, ESET protects smartphone users of all generations whether they are browsing the internet, chatting, shopping, playing games, or executing financial operations.

 

* ESET Identity Protection is available only in selected countries.

Source: ESET

Date: 24 Oct 2024

With increasingly sophisticated attacks, households need top-end protection covering today’s complex threat landscape.

In a world where cybercriminals can abuse AI to create fake recordings of your face needed to bypass video-based authentication, or where phishing copycats of legitimate websites are almost unrecognizable from their real counterparts, and media repeatedly inform us about huge data breaches, it is no surprise that the general public is worried about what the future holds.

Even tech-savvy and vigilant home admins can’t be sure that their personal data won’t leak due to third-party data breaches, nor can they monitor their children or less-aware family members 24/7 to prevent them from being fooled by an advanced scam.

In such a world, security awareness training combined with a simple cybersecurity solution is not enough. Robust high-quality defenses covering numerous attack vectors such as accounts, web browsing, financial operations, mobile apps, and even physical theft are needed. Ideally, if such a solution is easy to use and its first line of defense is prevention – avoiding or stopping threats before they can do any harm – then home admins and their families will be able to rest better.

This year, ESET boosts its all-in-one solution for consumers, ESET HOME Security, with several new handy features battling the most feared attacks such as ransomware or phishing. Moreover, ESET introduces global Identity Protection* service, which provides rapid warning about personal data leaks and helps victims promptly mitigate possible identity fraud.

 

Growing concerns

The vast majority of British and American consumers are concerned that cyberattacks will increase or remain consistent over the coming year (97%) and become more sophisticated (69%), according to a 2024 study conducted by ThreatX and Dynata among 2,000 consumers. Only 13% express their confidence in being completely protected from cyberattacks in the next year.

Considering the volume of news about advanced cyberthreats and huge data breaches, these numbers are understandable. Here is a brief summary of the general public’s situation:

• Cybercrime is profitable, and it will grow. The global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.
• Technology is evolving, and so are cyberattacks. The recent Netacea survey among 440 businesses across the U.K. and the U.S. found that 93% of respondents believe they will face daily AI attacks within the next six months.
• Automated attacks are a constant threat. For example, Microsoft deflects more than 1,000 password attacks per second, spam messages accounted for over 46.8 percent of email traffic in December 2023, and more than 76 billion emails were phishing in the same year.
• The latest generation of PCs can break encryption by guessing random 6-character-long passwords in a single day, this despite the improved hashing methods used. Users of older hashing methods can get breached almost instantly.

 

Setting up defenses

The statistics above are not here to scare you, but rather to demonstrate the scale and complexity of the current threat landscape. This means that home defenses must be comprehensive but, at the same time, easy to operate to avoid security fatigue. Yes, cybercriminals are evolving; they use AI and automation. But guess what: cybersecurity vendors (such as ESET) can do the same.

Keeping all these threats in mind, proper home security should be multi-layered, covering multiple attack vectors and focusing on prevention. Here are some basic rules and solutions that people concerned about their cybersecurity should consider:

Cyber Hygiene – Besides awareness education, proper cyber hygiene also involves backups, regular patching and updates, encryption, and password hygiene.

Password Manager and Two-Factorial Authentication – An average person now uses 168 passwords and manages nearly 200 accounts. Considering how often cybercriminals attack credentials, it is quite useful to have these two solutions.

Antivirus – High-quality antivirus is a must nowadays. Don’t rely only on free or in-built protection.

Modern Endpoint Security – This involves Antispyware, Anti-Phishing, Ransomware Shield, and Script-Based Attack Protection combined with Advanced Machine Learning and sandbox technology that analyzes software before execution.

Parental Control – Parental Control offers a general overview of children’s online activities and flexible options to restrict access to some content or screen time.

Anti-Theft – Just recently in London, a mobile was stolen every six minutes in 2023. An Anti-Theft tool helps track stolen devices and protects their data.

VPN – Virtual Private Network is a technology that enables the creation of a secure and encrypted connection between a device and the internet.

 

Focus on quality

ESET HOME Security is an all-in-one, subscription-based solution offering all these technologies and covers multiple operation systems from Windows, to macOS, to Android, and also improves iOS security.

Despite being packed with a number of capabilities, it’s not hard to operate. ESET HOME Security comes with its own complete security management platform, ESET HOME, which allows easy management and sharing protection with family and friends.

Moreover, it is constructed in a way that allows low usage of your PC’s system resources, a fact also acknowledged in 2023 AV-Comparatives Performance Test.

As a global leader in digital security with more than 30 years of experience, ESET is committed to progress and staying ahead of adversaries. That’s why ESET constantly improves its technology, including ESET HOME Security.

This year, ESET comes with several new security and privacy features while improving already-existing ones:

New Global Dark Web Monitoring – ESET Identity Protection* scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so they can take immediate action.

New ESET Folder Guard – This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders and files in these folders; these can’t be modified or deleted by untrusted applications.

New Multithread Scanning – Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has numbers of processors.

New Link Scanner – This feature improves ESET Mobile Security Anti-phishing (EMS), which, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner allows EMS to check every link a user tries to open, not only those coming from supported browsers and social network apps. For instance, a phishing link that pops up in a game will also be checked.

Improved Gamer mode – This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to select applications that will not run in Gamer mode. When running an excluded application in full screen mode, Gamer mode will not be used. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.

Improved Password Manager – ESET’s Password Manager now includes an option to remotely log out of Password Manager when logged in on other devices. Users can check their password against the password breach list and can view a security report that informs them if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA) solution.

Improved Cyber Security for Mac users – ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, and without unnecessary settings.

 

Home is where you feel safe

Despite the digital world becoming more complex and dangerous, this doesn’t mean that average users should constantly look over their shoulders. Yes, they need to stay vigilant, but home should first and foremost be a place of peace and comfort.

So set up defenses, update them regularly, and enjoy your time with your family knowing that your cybersecurity is left to professionals.

 

* ESET Identity Protection is available only in selected countries.