Since scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution and a sharp eye.

You’re scrolling through your Facebook feeds when, all of the sudden, a bright, blinking, and loud warning pops up. It claims your smartphone has been attacked by a virus or has technical issues and urges you to install a self-described cleaner app. Just a few taps and a few dozen bucks in in-app purchases later, and you’ll supposedly be rescued from malicious attacks and data loss.

image 1: Recording of a scareware ad. This particular ad is mimicking a virus alert.

However, in reality there are no real threats, nor any device issues. The messages, in fact are just standard paid advertisements on the Meta platform. Using rumble sounds and animations, they mimic device alerts trying to trick targets into believing their device is under attack or is malfunctioning. Such attacks are delivered via scareware. ESET discovered that one particular scareware campaign distributed these messages via more than 250 ads between February and April 2025 until it was shut down by Meta due to Unacceptable Business Practices by their clients.

Malicious campaigns like this show how easy it is to launch very believable scam campaigns that have the potential to reach hundreds of thousands of people. As scareware varies in form and capability, staying safe from such threats requires a robust cybersecurity solution. The Essential tier of ESET HOME Security was already recognized last March as AV-Comparatives’ Product of the Year 2024, and now ESET HOME Security has evolved even further with enhanced anti-scam feature. This means users gain protections even in situations where well-crafted scams would have otherwise successfully defrauded their targets.

Try ESET HOME Security now!

 

How scareware works

Scareware usually describes malicious software or scams using scare tactics to manipulate users into downloading malware or buying unwanted software. To put it simply, scareware serves as a gateway for malware or scams.

Scareware as a scam can come in the form of unsolicited messages, pop-ups, or ads on social networks scaring users into obtaining unwanted and often harmful software. Scareware is often combined with  .

Scareware as a class of malicious software includes rogue security software and other scam software that tricks users into believing their computer is infected with a virus. Typically, it displays an alert message persuading users to download and pay for fake antivirus, cleaner apps, or other software to remove it. Usually, the virus is fictional, and the software is non-functional or actually malware.

image 2: An example of a fake security alert stressing the target to call technical support.

Removing malware by deleting pictures?

Now, let’s take a look at the abovementioned ESET-discovered scam campaign. It targeted iPhone users with messages ranging from “Apple security alert!” and “Photo damaged” to “Your phone has been hacked!” or “167 Virus attacking your system!”.

image 3: Recording of a scareware ad claiming that the phone is paralyzed by junk files, enticing the user to install a cleaning app.

The scammers have perfected their approach: believable visuals, splashing bright colors, using pseudo-official warnings, urging immediate action, and even imitating phone rumble notifications with specific audio.

The truth is that considering the current state of AI tools, none of those elements are hard to produce anymore. Being distributed via social media by the fake account going by the name “Clean forrr-0221”, these convincing individual ads could have reached anywhere from thousands to hundreds of thousands of users.

image 4: The advertiser’s profile on Meta Ad Library with hundreds of now inactive ads.

And what about the advertised solution? The promoted ad doesn’t claim to remove malware. Its description describes removing duplicate photos—a feature that many smartphones already have built in.

That being said, it’s important to add that scareware ads on social media can lead to different types of apps. Some of them can be dangerous spyware, while others can border on being useless or offer a completely different type of service to what the ad promised for a fee.

 

Don’t be scared out of your wits

Dealing with scareware involves a combination of awareness, prevention, and action:

Awareness is the first step; understanding that scareware is designed to frighten you into making hasty decisions can help you avoid falling for such a scam. Always be skeptical of unsolicited warnings and offers, especially those that create a false sense of urgency.

When it comes to prevention, here are a few basic steps you should take:

• Ensure your device’s security is up to date and use reputable antimalware software to detect and block malicious programs.
• Regularly update your operating system and applications to patch vulnerabilities.
• Use a pop-up blocker to reduce the chances of encountering scareware ads.
• Avoid clicking on suspicious links or downloading software from untrusted sources, and be cautious with emails from unknown senders.
• Before installing any app, read its description carefully, see reviews, and background-check its creator.

If you suspect that scareware has already infested your device, take immediate action. Run a full system scan with your antimalware software to find and stop possible threats. It also is advisable to change your passwords and monitor your accounts for any unusual activity, as scareware can sometimes steal credentials.

You can learn more about dealing with scareware here.

 

Brace yourself with ESET

Scareware may seem like a simple scam, but it can have serious consequences ranging from financial losses to data breach or identity theft due to its malicious nature or by leading to a follow-up compromise.

Comprehensive scam protection therefore requires proactive defense that covers multiple smart devices and can deflect various kinds of attacks while keeping cybersecurity management simple and clear. This is exactly what ESET HOME Security is designed for.

To illustrate this, let’s say that there is a scareware attacking your Windows device, prompting you to pay for and install fake antivirus software, which is in fact a spyware. ESET HOME Security Ultimate can protect you in multiple ways:

Antispam can be the first line of defense, as many scams and cyberattacks start as spam emails. Spam messages accounted for over 46.8% of email traffic in December 2023.

Anti-Malware can discover, recognize, and stop scareware, spyware, and other types of malware trying to compromise your device.

Anti-Phishing can prevent you from visiting a phishing website offering fake antivirus or other deals.

Safe Banking & Browsing creates a secure environment when accessing online banking or online payment gateways to keep your financial data safe.

ESET Identity Protection is a last line of defense in case attackers have already stolen your data and are now selling it on the Dark Web. ESET Identity Protection detects these activities thanks to continuous black-market monitoring, and alerts you.

ESET VPN – A VPN assigns you a new IP address while making your online traffic secured and encrypted. In this way it can protect you against cybercriminals trying to intercept your data or track your online activity and use all these information (such as stolen credentials) for further scams.

ESET HOME Security also utilizes ESET Mobile Security for Android, which is a stand-alone solution recognized for its robust protection including Antivirus, Payment Protection, Anti-Phishing, Adware Detector, Anti-Theft and much more. Even Apple users can benefit from ESET HOME Security thanks to additional layers of protection such as Identity Protection and VPN.

Small Office/Home Office owners can stay protected from scareware thanks to ESET Small Business Security. It utilizes most of the above-mentioned features including Antivirus & Antispyware, Anti-Phishing, Safe Banking & Browsing, VPN, and extra layer of protection for Windows Server users—Safe Server.

 

Peace of mind

In the world of believable automated large-scale scams, simple in-built antivirus is not enough. Scareware preys on our human instincts to deal with sudden threats immediately, without thinking it through. Having a top-notch award-winning cybersecurity solution can bring peace of mind into even those stressful situations.

 

Threat actors targeting mobile users usually go for their victims’ personal information or their money.

From messaging app copycats, toolkits simplifying marketing-scam creation, and on to malware taking advantage of the popularity of gaming-apps, threats to mobile users take on many forms and are constantly evolving.

Check this list of recent malicious mobile campaigns discovered by ESET researchers that target the Android OS to better recognize how these threats look.

If you want to protect your mobile device against such attacks, try ESET Mobile Security.

 

StrongPity espionage campaign

In early 2023, ESET researchers published a blog about the StrongPity a malware campaign which spread a trojanized version of the hugely popular Android Telegram app. It was re-packaged and presented as “the” app for the video-chat service Shagle, despite the fact that Shagle doesn’t have an official app. The fake app was then distributed from a copycat Shagle website.

image 1. Comparison of the legitimate website on the left and the copycat on the right

Ultimately, criminals used Shagle’s popularity, the app has 2.5 million active users, to spread this malware and its diverse spyware features, including 11 functions that are responsible for recording phone calls, collecting SMS messages, call logs, contact lists, and much more. If a victim grants the malicious StrongPity app access to their phones accessibility services, it will also be able to monitor incoming notifications and will be able to steal communications from 17 apps such as Viber, Skype, Gmail, Messenger, or Tinder.

 

Transparent Tribe Campaign

In March 2023, ESET researchers published a blog about a cyberespionage campaign that distributed CapraRAT backdoors through trojanized and supposedly secure Android messaging apps; the apps  also accessed and removed sensitive information. Victims were likely targeted through a honey-trap romance scam where they were initially contacted on one platform and then convinced to use supposedly “more secure” apps, which they were then lured into installing.

image 2. Distribution website of CapraRAT posing as MeetUp

After the victim signs into the app, CapraRAT then starts to interact with the server operated by the cybercriminal by sending basic device info while it waits to receive commands to execute. Based on these commands, CapraRAT is capable of stealing call logs, contact lists, SMS messages, recorded phone calls, recorded surrounding audio, CapraRAT-taken screenshots, CapraRAT-taken photos, and much more.

It can also receive commands to download files, launch any installed app, kill any running app, make calls, send SMS messages, intercept received SMS messages, and download updates and request the victim to install them.

 

Not-so-private messaging

At the beginning of 2023, ESET researchers discovered dozens of copycat Telegram and WhatsApp websites mainly targeting Android and Windows users with trojanized versions of these instant messaging apps.

image 3. Distribution diagram of trojanized messenger apps

Most of the malicious apps identified by ESET researchers are clippers, a type of malware that steals or modifies the contents of the clipboard. Some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices. All of them were chasing after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets.

 

Android Gravity RAT

In June 2023, ESET researchers published research on Android GravityRAT spyware. This malware was distributed within the malicious but functional messaging apps BingeChat and Chatico — both based on the OMEMO Instant Messenger app.

image 4. Distribution website of the malicious BingeChat messaging app

This spyware can steal call logs, contacts, SMS messages, device location, basic device information, and files with specific extensions, such as jpg, png, txt, pdf, etc. GravityRAT can also access and steal WhatsApp backups and receive commands to delete files.

 

SpinOk

In the second half of 2023, ESET telemetry detected an 89% increase in Android malware detections primarily due to a mobile marketing software development kit (SDK) – a digital tool box- that ESET identifies as SpinOk Spyware. This toolbox was offered as a gaming platform and was incorporated into numerous legitimate Android apps, including many available on official app marketplaces.

image 5. Android/SpinOK detection trend in H2 2023, seven-day moving average

Once an app with the aforementioned SpinOK toolkit is installed, it operates like spyware, connecting to the criminal’s command-and-control server and stealing a range of data from the device, including potentially sensitive clipboard (short-term storage) contents.

 

Telekopye

In 2023, ESET researchers found the source code of a toolkit that helps well-organized groups of scammers to conduct online-shopping scams without being particularly well-versed in IT. The toolkit, which ESET researchers have named Telekopye, creates phishing web pages from predefined templates, generates phishing emails and SMS messages, and sends them to targeted users.

image 6. Generated fake screenshot (template on the left, template filled with sample text on the right)

First, attackers find their victims, then they try to earn their trust, so they fall for either a buyer scam, a seller scam, or a refund scam. When attackers think that a victim sufficiently trusts them, they use Telekopye to create a phishing web page from a premade template and then send the URL to the victim. For example, attackers trick a victim into buying a non-existent item and then send them a link to a phishing web page resembling the payment page of the legitimate online marketplace listing the reputed item.

After the victim submits card details via this page, the attackers use these card details to steal the victim’s money.

 

Kamran

In late 2023, ESET researchers identified a possible watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan. When opened on a mobile device, the Urdu version of the Hunza News website offered readers the possibility to download the Hunza News Android app directly from the website; however, the app had malicious capabilities, specifically espionage.

The Kamran spyware in question displayed the content of the Hunza News website and contains custom malicious code. Upon launching, Kamran prompts the user to grant permissions to access various data stored on the victim’s device. If permissions are granted, Kamran spyware automatically gathers sensitive user data, including SMS messages, contacts list, call logs, calendar events, device location, list of installed apps, received SMS messages, device info, and images.

image 7. English (left) and Urdu (right) versions of Hunza News shown on a mobile device

 

EvilVideo

ESET researchers discovered a zero-day exploit that targets Telegram for Android, and appeared for sale for an unspecified price in an underground forum post on June 6, 2024. Using the exploit to abuse a software vulnerability that researchers named EvilVideo, attackers could share malicious Android content via Telegram channels, groups, and chat, and make them appear as multimedia files. The exploit only works on Android Telegram versions 10.14.4 and older. After ESET researchers approached Telegram, they fixed the issue.

The exploit seems to rely on the threat actor being able to create a malicious payload (content) that displays an Android app as a multimedia preview. Once shared in a chat, the payload appears as a 30-second video. Since media files received via Telegram are set to download automatically by default, it means that users with the option enabled will automatically download the malicious payload once they open the conversation where it was shared. The option can be disabled manually; in that case, the payload can still be downloaded by tapping the download button in the top left corner of the shared “apparent” video.

 

Threats targeting Hamster Kombat players

In mid-2024, ESET researchers discovered and analyzed two threats abusing the success of Hamster Kombat, an in-app Telegram clicker game where players earn fictional currency by completing simple tasks and incentives to log into the game daily.

The first threat is a fake, non-functional, malicious app resembling the Hamster Kombat app that contains Ratel Android spyware capable of stealing notifications and sending SMS messages. The malware operators use this functionality to pay for subscriptions and services with the victim’s funds without the victim noticing.

image 8. Malicious Hamster Kombat access requests

The second threat is a collection of fake websites that mimic app stores claiming to have Hamster Kombat available for download. However, tapping the “Install” or “Open” buttons only leads the user to unwanted advertisements.

 

Phishing in PWA applications

In mid-2024, ESET Research published a blog about an uncommon type of phishing campaign targeting mobile users who are clients of a prominent Czech bank. This technique is noteworthy because it abuses a Progressive Web Application (PWA), allowing the installation of a phishing app from a third-party website without the user having to allow third-party app installation.

The initial sources of this campaign included automated voice calls, SMS messages, and social media malvertising that ultimately encouraged victims to open a phishing URL redirecting them to a fake Google Play Store page for the targeted banking application, or a copycat website for the application.

image 9. Example of a malicious advertisement used in these campaigns

After visiting these fake websites, Android users saw a pop-up ad enticing them to install the malicious application resembling the legitimate banking application. The application was, in fact, created with WebAPK technology that enables the creation of web applications that can be installed on Android devices as if they were native, or legitimate. This allows users to install PWAs to their home screen on Android devices without having to use the Google Play Store.

 

NGate

While monitoring a malicious campaign that abuses Progressive Web Application (PWA) to steal banking credentials from targets in the Czech Republic, ESET researchers uncovered a truly novel attack related to the previous campaign. In August 2024, ESET published a blog about the same criminal group improving their techniques to enable unauthorized ATM withdrawals from the bank accounts of clients at three Czech banks.

image 10. NFCGate architecture (source: https://github.com/nfcgate/nfcgate/wiki)

First, cyber criminals deceived victims into believing that they were communicating with their bank and then tricked them into downloading and installing a fake banking app with a unique malware that ESET has named NGate. The malware clones near-field communications data (NFC) from victims’ payment cards using NGate and sends this data to an attacker’s device. That device was then able to imitate the original card and withdraw money from an ATM.

 

Nomani

In 2024, social media saw a flood of new scam ads propagating “secret” investment opportunities, miraculous dietary supplements, and legal or law enforcement assistance.

To make these offers appear credible, criminals abused brands of local and global businesses or use AI-generated deepfake videos featuring famous personalities apparently guaranteeing the legitimacy of the advertised products. The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information.

 

Ghost Tap

Shortly after ESET researchers discovered the novel attack method — NGate stealing near-field communications data (NFC) from victims’ payment cards — cybercriminals improved upon the technique.

Using various phishing tricks, criminals persuade victims to reveal their payment card details together with a one-time passcode to confirm the card for a digital wallet. Then, with the card data and code at their disposal, the attackers register the stolen credentials in their own Apple or Google wallets, relay these loaded wallets to other devices, and make fraudulent contactless payments anywhere in the world.

image 11. Geographic distribution of NFC-related Android malware and scams in H1 2025

 

 

Conclusion

There are two main takeaways from these cases:

First, as you can see, some of these cyberattacks and scams can be spotted right away, if users pay attention and have some knowledge of security awareness. Research blogs, such as those previously mentioned, may serve as valuable sources. Android users who stay informed about newly discovered malware and emerging scams can enhance their risk awareness, enabling them to better safeguard against future online threats.

Second, certain malicious campaigns are more sophisticated and challenging to spot. Furthermore, cybercriminals often target vulnerable groups, including children and the elderly, who may be less prepared to confront such dangers. In any case, it is always good to have a reliable cybersecurity solution such as ESET Mobile Security that can detect and neutralize these threats — ideally before any damage occurs to your device or data.

Source: ESET

Date: 22 October 2025

Improved ESET HOME Security battles the growing threat of digital scams.

If you’ve been thinking that you aren’t an interesting target for digital scammers because you are an average person, your bank account isn’t overflowing with cash, and your online activities are mundane, ask yourself these four questions:

Do I have at least one online account of any kind? Do I have a name? A birth date? A home address?

Of course, you do! And all these are valuable data for cybercriminals.

In general, scams are no longer isolated incidents conducted by individual swindlers targeting important people. No, today they are mass-produced, automated, AI-powered, ever-present threats that will, at some point, come to our digital doorsteps.

Recognizing scams as one of the biggest threats to people’s digital lives, ESET has updated ESET HOME Security, the all-in-one protection for households, by boosting its anti-scam capabilities.

PROTECT YOUR HOUSEHOLD NOW!

Because scams endanger small businesses with no or only a few employees, much like the demographics of households, ESET also incorporated these improvements to ESET Small Business Security

 

Scams are everywhere

People in the U.S. recognize cybercrime as a serious threat, but at the same time, they don’t fear scams going after their finances so much—only 37% of them expect to be targeted in the next year. The reality, however, is much darker.

Cumulatively, scams are a global threat that siphoned away over $1.03 trillion globally in 2023, a figure similar to the entire GDP of countries like South Africa, Singapore, or Colombia.

Global Anti-Scam Alliance (GASA) data shows that almost half of the world’s population encounters a scam at least once a week and that the U.S. suffers from the highest scam losses, averaging $3,520 per victim.

The costliest frauds targeting individuals as reported to the FBI in 2024: 

• Investment Scams: $6.6 billion
• Tech Support Scams: $1.5 billion
• Personal Data Breaches: $1.5 billion
• Non-Payment/Non-Delivery Scams: $0.8 billion
• Confidence/Romance Scams: $0.7 billion

 

Real-life stories

What ESET researchers see is not only the sheer volume of scams but also their increased complexity and seeming credibility. Fraudsters now have tools, including AI, that allow them to create sophisticated scams with less effort than ever before.

For example, in the second half of 2024, ESET telemetry detected a flood of scam ads, recognizing them under the name Nomani (a wordplay referring to “no money”). Using AI and deepfakes featuring famous personalities such as Joe Rogan or Elon Musk, these ads promoted “secret” investment opportunities, miraculous dietary supplements, and legal or law enforcement assistance. But as the name suggests, those lured into the scams ended up with no money and no real product or service.

Ondrej Kubovič explains Nomani the investment scam:

 

The hyperscaling of scams and the availability of supporting resources delivered as a service in the underworld can be also demonstrated by Telekopye, an ESET-discovered Telegram bot offered on the black market for a price, allowing its customers — scammers — to easily create their own scam campaigns. Its capabilities vary from fully automated phishing webpages to fraudulent email spam campaigns.

Image 1: This toolkit, used in Telekopye marketplace scam operations, creates phishing links for the seller scam scenario.

 

If you are among those 67% percent of people who are confident in their abilities to detect scams, be aware that some scams can go far beyond just simple phishing attempts or AI-generated ads.

Recently, ESET researchers uncovered a novel multi-staged attack scenario in which cybercriminals combine various scam tactics to impersonate bank employees protecting customers from a cyberattack in order to wipe out the bank accounts of unknowing victims. This scenario includes pretexting (a fabricated story), phishing, tech support fraud, and a malicious phone app that steals near-field communications (NFC) data for contactless payments.

While it may seem that the scope of this complicated scenario is limited, cybercriminals have already started to try it all around the globe and have found a way to scam people en masse.

 

How to protect your household

Considering the volume of reported scams, the success rate of financial fraud is shockingly high (37% in the U.S. and 35% in the U.K.). This means that from now on, public awareness and risk prevention should become second nature. Let’s highlight the basics:

Verify before trusting – Rule No. 1 is always verifying the identity and the request/offer of anyone who contacts you unexpectedly — especially if they ask for money or personal information.

– Recognize common scams, and encourage your family members to discuss any incidents they’ve encountered, so you can deal with them together.

Secure your accounts – Ensure that all your family’s online accounts have strong, unique passwords. ESET Unique Password Generator is a good start. If possible, enable Two-Factor Authentication (2FA).

Stay updated – Keep your software, including cybersecurity programs, up to date. Don’t forget about routers.

Report suspicious activity: If you or a family member falls victim to a scam, don’t hesitate to report it to the authorities — they really can help. The FBI’s Financial Fraud Kill Chain has a 66% success rate in freezing reported transactions.

 

Stop scams with reliable cyber protection

When you have several family members using multiple smart devices, protecting everyone all the time is not an easy task. Robust cyber protection is necessary, but home admins are, naturally, also worried about the affordability and usability of comprehensive solutions.

These concerns aren’t new to ESET, which has been developing and fine-tuning its solutions for more than 30 years. To address all the requirements of you home admins, ESET has created ESET HOME Security, a powerful all-in-one protection solution with multiple product tiers available so that households can configure their protection based on their specific needs. ESET is proud to see that even its Essential tier was recognized last March as AV-Comparatives’ Product of the Year 2024, thanks to its reliability, performance, and user experience.

Table 1: Overview of available features in ESET HOME Security and ESET Small Business Security subscription tiers

With its latest update, ESET HOME Security can deliver even better results when battling both scams and malware. See the features available for Windows users:

Antispam – Emails are one of the most abused online services when it comes to scamming people. With a watchful antispam feature, users can dodge many of those attempts.

Malware protection – This is the crown jewel of ESET technology, combining various advanced reputation and analytical tools to discover, recognize, and stop malware.

Ransomware protection – ESET Ransomware Shield is designed to detect and block processes that resemble ransomware. The now-updated ESET HOME Security also includes the award-winning Ransomware Remediation feature, which creates backups of affected files after a potential ransomware threat is identified.

Phishing protection – With ESET Anti-Phishing, you can stay safe from scams and fake websites. Guard your browser, social apps, SMS, and links from attempts to steal your sensitive information.

ESET Safe Banking & Browsing – This is a browser extension for elevated security and privacy complemented by Website Security Inspector. It scans the rendered HTML directly in the browser, enabling users to distinguish easily between safe and unsafe search results. Stay protected from phishing websites and other threats. Clear your browser data on demand or automatically, reducing digital clutter and optimizing browser efficiency.

ESET Device Control – This tool monitors and alerts users to access attempts to various devices, including webcam and microphone.

 

“Three things are certain in life”

Before the digital age, the saying used to be that there were only two things certain in life: death and taxes. Based on available data and global user experience, perhaps it’s time to add “scams” to the list.

In a world where any pop-up, ad, SMS, email, phone call, URL, or download button could be the start of a scam, reliable online protection can’t only pivot around the detection of malware on devices. ESET understands that modern scammers use a wide variety of tactics and tools, so reliable protection for households needs to be robust, multilayered, and focused on prevention.

With ESET HOME Security, you and your family members can rest assured that your finances and valuable data are safe.

PROTECT YOUR HOUSEHOLD NOW!

 

Source: ESET

Date: 21 October 2025

BRATISLAVA — October 21, 2025 — ESET, a global leader in cybersecurity solutions, today announces its upgraded consumer offering, ESET HOME Security and its Small Office/Home Office (SOHO) offering, ESET Small Business Security. The update introduces new features such as Ransomware Remediation, along with enhanced functionalities within existing features, including Microphone Monitor and Website Security Inspector. This launch also appreciates VPN as a critical cybersecurity tool. To that end, ESET has made ESET VPN available not only to ESET HOME Security Ultimate users, but also to those with ESET HOME Security Premium.

Recognizing scams as a global threat that can harm virtually anyone, anywhere, at any time, ESET now delivers enhanced scam protection, addressing attacks vectoring from all types of sources, including SMS, email, phone calls, URLs, QR codes, malicious files, and more.

The updated ESET HOME security management platform also introduces simplified security management, making it easier for home admins to protect their families, and SOHO owners to observe exactly who and what are protected, and to distribute security apps with a consistent, simplified experience.

“As a progressive digital life protection vendor, ESET carefully monitors the current threat landscape and develops its protection solutions accordingly,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET. “Heightened scam protection, added Ransomware Remediation, and multiple privacy protection improvements make both ESET consumer and SOHO offerings robust, all-in-one solutions for households and Small Office/Home Offices seeking reliable security that has low impact on performance and is easy to use.”

ESET HOME Security and ESET Small Business Security are available across all major operating systems—Windows, macOS, Android, and iOS—and cover all typical smart home devices. On top of that, ESET Small Business Security also protects Windows servers.

 

Key ESET HOME Security (for Windows) – improvements include:

Added Ransomware Remediation — Originally developed for large businesses, Ransomware Remediation minimizes the impact of ransomware attacks. Once a potential ransomware threat is identified by ESET Ransomware Shield, ESET Ransomware Remediation immediately creates backups of affected files, and after the threat is mitigated, it restores the files, effectively reverting the system to its previous state.

Enhanced privacy protection — New Microphone Monitor detects, and alerts users to, any unauthorized attempts to access the microphone hardware on Windows devices.

Enhanced browser security — New Website Security Inspector adds an extra layer of protection against phishing, scams, and malicious websites. This feature scans the rendered HTML in the browser to detect malicious content that can’t be detected on the network level and by URLs blacklist.

 

Key ESET Cyber Security (for macOS) enhancements – (new features and updates):

macOS 26 Tahoe support — User can enjoy ESET Cyber Security on the latest version of macOS.

HTTPS & HTTP/3 support — Improves overall end-user protection when online.

Device Control — This feature monitors and manages external devices connected to the Mac. It helps protect against malware and unauthorized transfers of data by restricting access to specific device types or even individual devices.

All these improvements are designed to address the evolving threat landscape with special attention to prevention. ESET also believes in the importance of both cyber hygiene and user experience because truly effective cybersecurity should be easy to set up and administer.

More information about the consumer offering and subscription tiers can be found here. Detailed description of SOHO offering is available here.

Table 1: Overview of available features in ESET HOME Security and ESET Small Business Security subscription tiers

 

Source: ESET

Date: 17 June 2025

BRATISLAVA — June 17, 2025 — ESET, a global leader in cybersecurity solutions, is proud to announce its recognition as the Customers’ Choice in the 2025 Gartner® Peer Insights™ “Voice of the Customer” report¹ for Endpoint Protection Platforms, in the category of Organizations with Annual Revenue between 50M – 1B USD. This distinction reflects the positive feedback and high satisfaction ratings from verified end users who rely on ESET´s solutions to defend against evolving cyber threats.

According to the report, 95% of Gartner Peer Insights reviews received for ESET indicated a 5-star (60%) or 4-star (35%) rating. Overall, our customers have given us a rating of 4.9 out of 5 during the last 180 days, with 98% of them concluding they would recommend our product. “In our view, ESET’s placement in the report underscores our commitment to delivering reliable, effective, and user-friendly endpoint protection platforms solutions to organizations worldwide,” said Zuzana Legáthová, Director of Test, Analyst Relations and Market Research at ESET.

The “Voice of the Customer” report aggregates peer reviews and ratings over an 18-month period, offering valuable insights into customer experiences with leading cybersecurity vendors. ESET´s recognition is based on reviews from 187 verified end-user professionals, and we believe that it focuses on their direct experience with operating the ESET PROTECT Platform.

“Being named a Customers’ Choice by Gartner Peer Insights is a powerful validation of the trust our users place in ESET. It reflects our ongoing mission to deliver cybersecurity that’s not only powerful and reliable but also intuitive and tailored to the real-world needs of modern organizations,” said Pavol Balaj, Chief Business Officer at ESET.

ESET PROTECT is a comprehensive cybersecurity platform designed to meet the evolving needs of modern organizations. Built on decades of expertise and continuous innovation, it delivers a Prevention-First approach to security, integrating advanced technologies and security services into a single, scalable solution.

At its core, the platform features ESET LiveSense, a multilayered security engine powered by over 30 years of human expertise, machine learning, and ESET LiveGrid, a global cloud-based reputation system. This foundation enables balanced breach prevention, detection, and response capabilities, ensuring robust protection across all digital environments.

Key features include:

• Modern, multilayered endpoint security for desktops, servers, and mobile devices
• Extended protection for cloud applications, email systems, and servers
• Comprehensive vulnerability assessment and patch management
• AI-native detection technologies and advanced threat protection
• Globally sourced telemetry and threat intelligence
• Managed Detection and Response (MDR) services with local support and a fast 20-minute response time

The report is based on over 5,400 reviews collected over an 18-month period ending January 31, 2025. Only vendors with a minimum of 20 eligible reviews and 15 ratings for “Capabilities” and “Support/Delivery” were included.

Discover more about ESET PROTECT Platform. For more information about ESET’s awards and recognized excellence, click here.

GARTNER is a registered trademark and service mark of Gartner, Inc., and/or its affiliates in the U.S. and internationally, and PEER INSIGHTS is a registered trademark of Gartner, Inc., and/or its affiliates and are used herein with permission. All rights reserved. Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product, or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

 

 

Source: ESET

Date: 25 March 2025

• ESET adds Ransomware Remediation to the ESET PROTECT Platform as part of its latest B2B update.
• Ransomware Remediation works with, and is enabled by, the ESET Ransomware Shield, which monitors for and blocks sophisticated attacks.
• Ransomware Remediation creates temporary encrypted backups of important data, all in a sequestered environment untouchable by untrustworthy apps and processes.
• ESET is also updating its ESET Cloud Office Security module with anti-spoofing and homoglyph protection, profoundly increasing email security.
• In addition, ESET AI Advisor has received stability and performance improvements and can now work with incidents created automatically by ESET Inspect and its users and those generated by the ESET MDR service.

BRATISLAVA, Slovakia — March 25, 2025 — ESET, a global leader in cybersecurity solutions, today released new updates for the ESET PROTECT Platform. The new business-oriented update, among other notable changes such as new functionalities for ESET Cloud Office Security and the ESET AI Advisor, includes the Ransomware Remediation feature, a new way to prevent ransomware encryption from causing long-term business disruption.

Ransomware attacks have become particularly sophisticated, as threat actors seek to undermine every aspect of security stability that a business has. The key element of these attacks is encryption, blocking access to business systems, causing costly process disruption, and ultimately forcing firms to pay to decrypt their systems. Threat actors go as far as targeting system backups, deleting or corrupting them, leaving nothing to chance. This makes recovery almost impossible, driving up remediation costs as well.

Prior to this update, multilayered ESET LiveSense technology acting via Ransomware Shield, Network Attack Protection and/or the Host-Based Intrusion Prevention System (HIPS) worked to proactively prevent ransomware and other sophisticated attacks from causing harm. Specifically, Ransomware Shield, which monitors and evaluates all executed applications based on their behavior and reputation, is designed to detect and block processes that resemble the behavior of ransomware.

Now, to take the initiative away from the threat actors and put it into the hands of businesses themselves, ESET is upgrading Ransomware Shield (RS) with Ransomware Remediation (RR), a proprietary backup solution created to protect against ransomware encryption.

ESET RR works in concert with RS, which prompts RR to create backups as soon as it flags suspicious activity. It will continue to do so until RS decides the process is OK, at which point the backup is discarded. Otherwise, RS decides the process is malicious, kills it, and rolls back files from the backup.

ESET Ransomware Remediation’s complex process tree

Unlike other solutions based on the Windows Volume Shadow Copy service, the backups created by RR cannot be abused by the attackers. RR has its own protected storage section on the drive, where files cannot be modified, corrupted, or deleted by the attacker. This actively solves one of the most common failings of regular backups during a ransomware attack.

The only real limitation of the remediation function is drive size and a single-file size limit of 30MB. Admins should, therefore, know which file types to add to RR’s filter to apply during its course of action.

“ESET has a storied history in working against ransomware, both in the context of our endpoint security platform, our service offerings such as ESET MDR, and our part in the No More Ransom initiative. With the Ransomware Remediation feature, we want to emphasize that it doesn’t take a village to protect against sophisticated attacks. All it takes is a simple solution and a few clicks — leave the rest to ESET,” said Michal Jankech, Vice President, Enterprise & SMB/MSP at ESET.

RR is a free addition included in the ESET PROTECT Advanced tier and above and is only available for Windows-based systems. Critically, for this feature to work, RS must be enabled; however, it is activated by default so that customers are protected from the get-go.

But the updates don’t stop there. ESET is also adding anti-spoofing and homoglyph protection to its ESET Cloud Office Security (ECOS) module, preventing attackers from pretending to be trusted sources while also identifying their efforts to disguise malicious domains or URLs through letter substitution from other alphabets. Moreover, ECOS now also has an email clawback feature, enabling swift recall and quarantine of any delivered emails deemed suspicious. This all happens within new dashboards, which include fully customizable tabs and components that fit a user’s specific needs, with visually enhanced and new elements.

In other update news, ESET AI Advisor has received stability and performance improvements and can now work with incidents created automatically by ESET Inspect and its users and those generated by the ESET MDR service. With a greater set of data to process, ESET AI Advisor will stand out even more in its delivery of SOC-level advisory, enabling  enhanced security analyst workflows. ESET AI Advisor is now also available as an add-on to the ESET PROTECT Enterprise, ESET PROTECT Elite, and ESET PROTECT MDR subscription tiers.

For more information about the ESET LiveSense technologies used by the ESET PROTECT Platform, please visit our page here.

 For more information about the ESET PROTECT Platform itself, please visit our dedicated webpage.

 For more information about ESET Cloud Office Security and the ESET AI Advisor, please visit our webpage and our AI blog.

 To discover how ESET has been handling ransomware, please read our blogs on ESET MDR success stories and ESET Inspect’s preventive power.

Source: ESET

Date: 10 Oct 2024

The topic of vulnerabilities remains significant as new exploits emerge, underscoring the need for continuous vigilance and proactive defense strategies.

In a world that records on average at least 7,240 new vulnerabilities per quarter (based on 2023 data), patching critical vulnerabilities should be an immediate priority; otherwise, users might face anything from exposing confidential data all the way to opening their entire networks to ransomware or wiperware. The possible negative scenarios are unlimited.

Thus, focusing on your business’ cyber health matters, and with data breach costs climbing into several millions of dollars, patching all your devices/OSs grows considerably more critical.

 

A health check on vulnerabilities

First of all, doctors usually say that humans should support their health by ingesting a healthy dose of vitamins every day – lowering the chances of having compromised immune systems, leading to constant bouts of sickness. For organizations, the situation is much the same. Without investing in all-encompassing cybersecurity measures and awareness training, their body (business) will be left vulnerable to compromises (literally).

However, it seems that just like humans tend to underestimate their need for vitamins and health checks, so do businesses forgo important security checks and patching. There have been a plethora of cases where a business was breached due to a known vulnerability. For example, Equifax in 2017 was breached thanks to unpatched vulnerabilities¹, which threat actors used to get their hands on the private records of 147.9 million Americans.

Overall, this catastrophic breach cost Equifax around 1.4 billion USD. For a smaller business, such costs, even in proportion to their revenues, would likely bury them completely. A larger enterprise might weather the storm, but there is a high chance that they could fold as well, and all because their patching was, well, “patchy.”

 

Recording vulnerabilities – are you immune enough?

The database of Common Vulnerabilities and Exposures (CVEs) recorded 28,961 vulnerabilities for 2023 alone, representing a 15% rise compared to the previous year. For Q1 2024, 8,697 have already been reported (for comparison, in Q1 2023 it was 7,015).

Endpoints such as servers or computers remain risky, as they can harbor unpatched systems and apps. The same research also highlights how ransomware gangs are becoming more skilled, using programming languages that can more easily cross-compile, simultaneously targeting Windows and Linux systems.

There’s an online myth that Linux is inherently more secure than other systems – since threat actors only target commonly used ones. Said myth is easily debunked though, as Linux is one of the most widely used systems globally. It makes up approximately 96% of web server infrastructure, while Android represents 72% of the global mobile market share.

Recently, ESET Research broke a story about the Ebury botnet compromising around 400K Linux servers for cryptocurrency theft and other criminal activities. ESET researchers have also exposed numerous OpenSSH backdoors, leading to the documentation of almost 21 Linux-based malware families with credential-stealing and backdoor functionalities. Additionally, threat actors target Linux-based high-performance computing (HPC) clusters with sophisticated malware like Kobalos.

Thus, threats targeting Linux-based systems are quite real and can pack quite a punch to the gut of business security.

 

The ABCs of vulnerability solutions

Why deal with vulnerabilities, specifically? For a business that could already consider its cyber posture “ready” or “full,” it could seem like its current security software can take care of everything.

That’s not an entirely accurate observation. Endpoint security products in and of themselves are usually made up of multiple layers guaranteeing strong protection – but that doesn’t mean that your endpoint product can protect against every single external threat. There’s a reason why detection and response or cloud security are a thing these days; it’s all about minimizing risk by shrinking the attack surface as much as one can.

Though security tools can remediate rather quickly (with ESET-managed services responding in as little as 20 minutes), every piece of a security stack plays a different and important part in the active protection process.

Keeping ahead of attackers by preventing them from finding that vulnerable spot is the key to your security. Said spots can be anywhere – in an app, device OS, or server infrastructure – presenting multiple potential entry points. However, the right vulnerability and patch management solution can provide the necessary tools to assess and provide patching opportunities for that unsecure spot – wherever it may be.

 

ESET Vulnerability and Patch Management (V&PM) – a healthy dose of vitamins

As illustrated previously, threat development is more flexible than before, and defenses need to be shored up to protect all devices that a business employs.

With ESET Vulnerability and Patch Management, which is now also offered as a separate add-on to ESET PROTECT Entry and ESET PROTECT Advanced, even the smallest firm can start its prevention-first journey, warding off tomorrow’s threats looking to infiltrate their premises.

The V&PM module is directly integrated into the ESET PROTECT Platform and is always on – making it easy to stay up to date – protecting against attacks, zero-days, and ransomware all at once. Thus, ensuring visibility and situational awareness, which the entirely new V&PM dashboard improves by giving instant overviews of the vulnerability and patching status across an entire business network.

Moreover, to answer the need for comprehensive vulnerability assessment and patching, ESET has expanded the V&PM module by adding further system treatment into its repertoire – now also covering Linux² and macOS³.

For Windows and Linux servers, we understand that admins need full control, therefore, on these systems, the V&PM module is not automated and gives admins total control over the entire process, so that they don’t interrupt business workflows.

And if a security admin is growing suspicious about a particular system, on-demand vulnerability scanning will enable them to act quickly in case the need arises.

 

Sickness be gone!

With current security tools like the comprehensive ESET V&PM module, breaches traced to a vulnerability are no longer about bad luck – they are about inattentiveness and underestimation, both of which have enormous security and even existential consequences for organizations.

Upping the ante in this important area is compliance, with regulations such as NIS2 in Europe, and PCI DSS 4.0 globally, demanding transparent vulnerability disclosure and management. This all shouldn’t be surprising – with thousands of vulnerabilities being recorded quarterly, all it takes is one unpatched hole and tragedy awaits.

So please, take that health check and don’t underestimate your immune system – when you have those vitamins at hand, why not take them?

¹ The exploited vulnerability was related to a framework for creating web apps written in Java, enabling threat actors to run code remotely.

² Please check our website for desktop Linux compatibility.

³ Additionally, Linux patch management, as well as operating system vulnerability scanning and patching in macOS, is on the roadmap.

For more information about ESET Vulnerability and Patch Management, please visit our page here.

Discover how V&PM helps in staying compliant with cyber insurance in our blog here.