Skip to content

ESET launches eCrime reports to give security teams a strategic edge against modern cybercriminal groups

  • Launching ahead of RSAC 2026, ESET’s stand-alone eCrime reports provide security teams with curated, highquality insights into incidents, including key lessons, IoCs, hunting rules, and guidance, to strengthen resilience.  
  • ESET Threat Intelligence eCrime Reports deliver a clear, operational view into real-world intrusions and uncover hidden clusters of activity, including TTPs and infrastructure, moving beyond monitoring MaaS and RaaS advertisements.
  • Enabled with ESET AI Advisor, security teams are able to rapidly analyze and act upon threats with SOC team-level advisory.

Bratislava, San Diego — March 12, 2026 — ESET, a global leader in cybersecurity, today released eCrime Reports, a new strategic offering in the ESET Threat Intelligence portfolio. As companies have become increasingly overwhelmed by the growth and complexity of ransomware and infostealers, the demand for high-quality, curated cyber threat intelligence (CTI) has grown. With ESET’s new eCrime Reports, businesses have unprecedented access to data that shows how actual incidents unfold, including affiliate-level attack visibility, full attack-chain timelines and tooling, and region-specific telemetry.

“For over 30 years, ESET has helped governments, channel companies, and businesses stay protected from the world’s most advanced cybersecurity threats,” said Roman Kováč, Chief Research Officer at ESET. “Our newly launched eCrime Reports combine technical depth with functional defense guidance – based on feedback from ESET’s threat researchers around the world. This means law enforcement, IT, and security teams don’t just read about threats; they gain insights needed to anticipate attacks, close gaps, and strengthen defenses proactively. Focused on ransomware and infostealers, these eCrime reports help organizations to strengthen their overall cybersecurity postures, particularly in high-stakes environments.”

The new offering comes in two tiers – ESET Threat Intelligence eCrime Reports and ESET Threat Intelligence eCrime Reports Advanced. These curated reports are built on proprietary data and telemetry, with unique insights from real-world intrusions occurring across the globe. By following TTPs, ESET’s eCrime Reports uncover hidden clusters of activity, enabling and enhancing eCrime-related strategic decisions. Moving beyond monitoring MaaS and RaaS Dedicated Leak Sites (DLS), eCrime Reports can be supplemented with ESET’s proprietary intelligence feeds, including Android Infostealer, Malicious Email Attachments, Ransomware, Cryptoscam, Phishing URLs, Scam URLs, Smishing, and more. 

“Quality is essential in threat intelligence data,” said Kováč. “ESET Threat Intelligence customers are able to reduce maintenance and manpower associated with processing feeds – cutting through information overload associated with competitor threat intelligence offerings. Rather than struggling to sift through huge, noncurated external datasets, ESET’s services allow organizations to quickly identify and prioritize emerging business risks and previously unknown threats – giving them more time to accelerate incident response, mount an effective defense, and implement an overall more proactive cybersecurity posture.”

What’s Inside the Reports:

Activity Summary

A high-level overview of recent ransomware and infostealer campaigns distilled into strategic insights. Includes targeting patterns, attack progression, lessons learned, IoCs, and actionable guidance, to improve resilience.

Technical Analysis

Deep-dive reports on specific threat actors, campaigns, and more, detailing the full attack chain – from initial access to data theft. The technical analysis includes attacker tactics, tooling, infrastructure mapping, MITRE ATT&CK® coverage, and associated IoCs.

Monthly Digest

An executive-ready summary of current ransomware and infostealer activities. Outlines key trends, major incidents, and emerging threats, to help leadership set priorities and assess organizational risk.

eCrime Feed

A continuously updated stream of curated IoCs focused on ransomware gangs, their affiliates, and infostealer campaigns, delivered in standard STIX/TAXII format.

ESET AI Advisor (Advanced only)

ESET AI Advisor enables security analysts and decision-makers to rapidly interpret incidents and act upon threats. Built on 20+ years of AI and ML expertise, this generative AI module seamlessly integrates into day-to-day operations of security analysts.

Access to MISP Server (Advanced only)

Direct integration with curated threat intelligence. Automatic IoC ingestion enriches defenses, streamlines workflows, enhances detection, and supports incident response operations.

ESET’s eCrime Reports join the ESET Threat Intelligence portfolio, which includes three tiers, two of which are Premium APT Reports with in-depth analysis of global APTs, including state-aligned Russian, Chinese, Iranian, and North Korean groups. Supported by global threat hunters, these reports expose espionage activities, exploitation of vulnerabilities, and zero days – and have been expanded to include geopolitical context. ESET also offers 18 proprietary intelligence feeds and two sub-feeds, including Android threats, IoCs, Botnets, Phishing URLs, and more.

Launched ahead of RSAC 2026, visitors to this global cybersecurity tradeshow can visit booth N-5253 to receive a demo and talk to ESET’s threat experts. Details on ESET’s presentation schedule, meeting requests, and booth activities can be found here.

For more information about ESET Threat Intelligence, visit ESET’s website.

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Honored on CRN 2026 Security 100 List

ESET, a global cybersecurity leader, has been named to the 11th annual CRN® Security 100 list. The company was specifically highlighted as one of the “20 Coolest Endpoint and Managed Security Companies of 2026” for its continuous innovation within the ESET PROTECT portfolio. These advancements assist channel partners in expanding services, maintaining regulatory compliance, and meeting cyber insurance demands.

Empowering the Channel with Advanced Security

CRN’s Security 100 list recognizes vendors that work closely with channel partners to deliver mission-critical, next-generation security solutions. Jennifer Follett, Vice President at CRN, noted that these vendors “continue to evolve their portfolios to stay ahead of adversaries and emerging threats.”

Scalable MDR and AI-Driven Automation

In 2025, ESET enhanced its ESET PROTECT MDR for MSPs to help providers manage cybersecurity complexity and industry fatigue. Key features of the service include:
  • Rapid Response: Boasts an average detection and response time of just six minutes.
  • Hybrid Intelligence: Integrates AI-powered automation with expert human threat hunting and global threat intelligence.
  • Comprehensive Monitoring: Provides 24/7 monitoring with integrated protection for endpoints, email, and cloud environments through a unified platform.

A 5-Star Partner Experience

In addition to the Security 100 recognition, ESET earned a 5-Star rating in the 2026 CRN Partner Program Guide. This rating reflects the maturity of the ESET Partner Connect Program, which offers:
  • Profitable Growth: Features stackable margins, incumbency protection, and a flexible tiered structure.
  • Extensive Support: Provides partners with comprehensive training, certifications, and robust sales and marketing resources.
  • Technical Edge: Equips partners with insights from ESET’s global R&D network to strengthen customer security and drive long-term success.
“Being recognized on the 2026 Security 100 list — and earning a 5-Star Partner Program rating — validates our strategy of pairing cutting-edge, AI-native security solutions with a flexible, profitable program,” said Ryan Grant, Country Manager, U.S. and Canada at ESET.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Uncovers “PromptSpy” – The Era of AI-Driven Android Threats

ESET researchers have discovered PromptSpy, the first known Android threat to utilize generative AI (Google Gemini) within its execution flow. By prompting an AI model to interpret UI elements, the malware achieves a level of adaptability previously unseen in mobile threats.

Technical Breakthrough: PromptSpy uses Gemini to receive dynamic instructions on how to “lock” itself in the recent apps list, ensuring the malicious process remains active and cannot be easily closed by the user.
 

Key Capabilities

Remote VNC Access
Lockscreen Data Theft
Invisible UI Overlays
Screen Activity Recording
AES-Encrypted C&C
Anti-Uninstallation Logic
 

Distribution and Targeting

The malware currently targets users in Argentina by impersonating the Morgan Chase bank (using the name MorganArg). It is distributed through malicious third-party websites and is not present on the official Google Play Store.

Critical Removal Procedure

Because PromptSpy uses invisible overlays to block uninstallation, users must follow these steps:

  1. Reboot into Safe Mode: Typically by long-pressing the “Power Off” option in the power menu.
  2. Navigate to Settings: Go to Settings → Apps.
  3. Uninstall: Locate “MorganArg” and select Uninstall.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Finalist: Cybersecurity Community Awards 2026

ESET, a global leader in cybersecurity, has been recognized by the Expert Insights Cybersecurity Community Awards 2026 as a finalist in the prestigious “Best Security Company” category.

Industry Leadership: Finalists were selected based on nominations from global IT professionals and independent research, emphasizing real-world impact over “pay-to-play” marketing.
 

A Legacy of Advanced Protection

Driven by the same engineers who founded the company over 30 years ago, ESET protects millions of users through an AI-native security portfolio. Key offerings include:

  • XDR & MDR: Next-generation prevention and response.
  • APT Tracking: Specialized research teams monitoring sophisticated threat groups.
  • Global Footprint: Trusted by critical industries and governments in 178 territories.
“A single layer of defense is not enough in today’s evolving landscape. This recognition reflects the trust our customers place in us and our dedication to intelligence-driven security.”
— Ryan Grant, Country Manager, ESET U.S. and Canada
 

Cast Your Vote

Support the cybersecurity innovators making a global difference. Community voting remains open until February 20, 2026.

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET’s Chief Security Evangelist Tony Anscombe to Speak at NetDiligence Cyber Risk Summit

ESET, a global leader in digital security, today announced that its Chief Security Evangelist, Tony Anscombe, will serve as a distinguished panelist at the annual NetDiligence Cyber Risk Summit. The event, held at the Eden Roc Hotel, brings together the world’s foremost leaders in cyber insurance, law, and technology.

Strategic Insight into AI Governance

Anscombe will join industry experts on February 9 for the session “Assessing AI Risk Management Frameworks”. The panel will investigate how organizations can scale AI through model integrity and explore the cybersecurity responses currently shaping global AI policy. Alongside moderators and peers from LevelBlue, TrendAI, and Deloitte, the session will focus on the architectures required to support safe enterprise automation.

“AI risk management is about understanding acceptable thresholds and making documented, informed decisions,” said Anscombe. “Organizations require clear policies and human oversight to ensure that AI is deployed responsibly without creating unintended harm or exposing sensitive data.”

Bridging the Cyber Insurance Gap

Through strategic collaborations with partners such as Amwins and Patriot Growth Insurance Services, ESET is actively closing the gap between security posture and insurance eligibility. By combining advanced Managed Detection and Response (MDR) with comprehensive risk assessments, ESET empowers businesses to better qualify for critical cyber coverage.

For more information on ESET’s work partnering with cyber insurance vendors, and how to become qualified, visit here.

 

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET enhances its European footprint with new ESET Nordics offices

  • ESET Nordics, based in Copenhagen, Denmark, along with a satellite office in Göteborg, Sweden, join the ranks of ESET’s global commercial offices.
  • The new office will support entities based in Denmark, Sweden, Norway, Finland and Iceland.
  • ESET Nordics will continue to deliver outstanding cybersecurity solutions and provide local support for both channel partners and end customers.

BRATISLAVA, COPENHAGEN (DK)January 5, 2026 — ESET, a global leader in cybersecurity solutions, today announced the opening of its ESET Nordics branch in Copenhagen, Denmark, along with a satellite office in Göteborg, Sweden, both working together to bring ESET closer to its customers and partners in Northern Europe starting on January 1st, 2026.

As the world rapidly changes, driven by disruptive technologies and an increasingly complex geopolitical landscape, Europe’s need to guarantee its digital sovereignty has become essential to securing the region’s digital ecosystem. EU-based solutions, such as ESET, provide citizens, businesses, and governments with confidence that their data and, more importantly, their critical infrastructure are protected. This is increasingly vital amid growing cybercrime and state-aligned activity, marked by high-profile hacking attempts against hospitals, manufacturers, financial entities and other critical industries across the EU.

Thus, establishing ESET Nordics and its satellite office in Sweden is both part of the company’s long-term strategy to boost market growth in Europe’s top IT security markets, but also an answer to the woes of customers and companies based in the Nordics, asking for a partner that could help them when the pressure is already mounting — rapidly, with local intelligence, and in their own language.

“The world’s changing. If a global cybersecurity company wants to properly reflect regional rules, regulations and overall, the populace’s needs, it must establish a local presence,” commented Pavol Holéczy, Vice President of EMEA Sales at ESET, “We’re proud of being recognized for our local commitments, and we will continue on delivering our portfolio of products and services in line with what our existing and prospective partners in the Nordics require,” Mr. Holéczy added.

This strategic expansion strengthens our presence across Denmark, Sweden, Norway, Finland, and Iceland, helping ESET bridge the gap between its global offer and distinct regional needs.

“Showing up locally isn’t just good manners, it’s good business. Real relationships are built through proximity. Local presence means we speak the language, feel the rhythm, and earn trust the way only neighbors can,” said Leif Jensen, Country Manager for ESET Nordics.

The efficacy of this strategy is clearly displayed by the assessments of independent analysts like Forrester, ECSO, and KuppingerCole, commending ESET for its local presence and support that empowers its products and services like ESET MDR wherever they’re needed.

Founded in 1992, European Union-based ESET has been a dominant player in the endpoint security market. Since then, ESET has been gaining ground and growing its enterprise portfolio with specialized products and divisions like ESET Corporate Solutions, protecting some of the largest companies in the world. ESET security solutions are currently sold in over 178 markets protecting more than one billion people across the globe.

ESET is dedicated to supporting European excellence. See how we committed €3 million to Horizon Europe AI project empowering minority languages, or our support of intergovernmental and nongovernmental organizations like Europol and the Netherlands Industry for Defense and Security Foundation (NIDV)

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

The Voice of the Customer has spoken: ESET is a Customers’ Choice for Endpoint Protection according to Gartner® Peer Insights™

BRATISLAVA — January 27, 2026 —ESET, a global leader in cybersecurity, is proud to announce that it has been recognized as a Customers’ Choice in the 2026 Gartner® Peer Insights™ Voice of the Customer report1 for Endpoint Protection Platforms. Out of 18 evaluated vendors, ESET is among only five to earn this distinction, based on its strong performance in both User Interest and Adoption (xaxis) and Overall Experience (yaxis).

According to the report, 99% of Gartner Peer Insights reviews received for ESET indicated either a 5-star (78%) or 4-star (21%) rating. Overall, our customers have given us a rating of 4.8 out of 5, with 96% stating they would recommend our product. ESET’s Support Experience received particularly high praise, earning 4.8 out of 5, with customers also commending the company’s Product Capabilities, Sales Experience, and Deployment Experience

“Being recognized as a Customers’ Choice by Gartner Peer Insights is highly important to us because it comes directly from organizations and IT professionals who rely on our technologies every day,” said Zuzana Legáthová, Director of Market Intelligence and Analyst Relations at ESET. “Our customers’ trust is at the core of everything we do. Their feedback validates our commitment to delivering a PreventionFirst, AIdriven cybersecurity platform that not only strengthens security posture but also drives measurable business impact, helping organizations operate with confidence and resilience in an increasingly complex threat landscape.”

The “Voice of the Customer” report aggregates peer reviews and ratings over an 18-month period ending 30 November 2025, offering valuable insights into customer experiences with leading cybersecurity vendors. ESET´s recognition is based on reviews from 134 verified end-user professionals, and we believe it reflects their direct experience operating the ESET PROTECT Platform.

ESET PROTECT is a comprehensive cybersecurity platform designed to meet the evolving needs of modern organizations. It´s our cloud-first XDR cybersecurity solution that combines AI-native next-gen prevention, detection, and proactive threat hunting to keep businesses secure. Built on decades of expertise and continuous innovation, it delivers a Prevention-First approach to security, integrating advanced technologies and security services into a single, scalable solution.

Discover more about ESET PROTECT Platform. For more information about ESET’s awards and recognized excellence, click here.

GARTNER is a registered trademark and service mark of Gartner, Inc., and/or its affiliates in the U.S. and internationally, and PEER INSIGHTS is a registered trademark of Gartner, Inc., and/or its affiliates and are used herein with permission. All rights reserved. Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product, or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. 

1Gartner, Voice of the Customer for Endpoint Protection Platforms, By Peer Contributors, January 2026 

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Fake dating app used as lure in spyware campaign targeting Pakistan, ESET Research discovers

  • ESET researchers have uncovered an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan.
  • The campaign leverages the GhostChat spyware, which enables covert surveillance on the device, allowing the threat actor to monitor activity and exfiltrate sensitive data.
  • The ESET investigation revealed further activities conducted by the same threat actor: an attack involving ClickFix, which tricks users into executing malicious code on their computers, and a WhatsApp attack that exploits the app’s link-to-device feature to access its victims’ personal messages.

BRATISLAVAJanuary 28, 2026 — ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations operated via WhatsApp. Underneath the romance charade, the real purpose of the malicious app, which ESET named GhostChat, is exfiltration of the victim’s data. The same threat actor appears to be running a broader spy operation – including a ClickFix attack leading to the compromise of victims’ computers, and a WhatsApp device-linking attack gaining access to victims’ WhatsApp accounts – thus expanding the scope of surveillance. These related attacks used websites impersonating Pakistani governmental organizations as lures. Victims obtained GhostChat from unknown sources, and it requires manual installation; it was never available on Google Play, and Google Play Protect, which is enabled by default, protects against it.

“This campaign employs a method of deception that we have not previously seen in similar schemes – fake female profiles in GhostChat are presented to potential victims as locked, with passcodes required to access them. However, as the codes are hardcoded in the app, this is just a social engineering tactic likely aimed to create the impression of exclusive access for the potential victims,” says ESET researcher Lukáš Štefanko, who discovered the campaign. “Our investigation reveals a highly targeted and multifaceted espionage campaign aimed at users in Pakistan,” he adds.

The app uses the icon of a legitimate dating app but lacks the original app’s functionality and instead serves as a lure – and tool – for espionage on mobile devices. Once logged in, victims are presented with a selection of 14 female profiles; each profile is linked to a specific WhatsApp number with a Pakistani (+92) country code. The use of local numbers reinforces the illusion that the profiles are real individuals based in Pakistan, increasing the credibility of the scam. Upon entering the correct code, the app redirects the user to WhatsApp to initiate a conversation with the assigned number – presumably operated by the threat actor.

While the victim engages with the app, and even prior to logging in, GhostChat spyware has already begun running in the background, silently monitoring device activity and exfiltrating sensitive data to a C&C server. Beyond initial exfiltration, GhostChat engages in active espionage: It sets up a content observer to monitor newly created images and uploads them as they appear. Additionally, it schedules a periodic task that scans for new documents every five minutes, ensuring continual surveillance and data harvesting.

The campaign is also connected to broader infrastructure involving ClickFix-based malware delivery and WhatsApp account hijacking techniques. These operations leverage fake websites, impersonation of national authorities, and deceptive, QR-code-based device-linking to compromise both desktop and mobile platforms. ClickFix is a social engineering technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions.

In addition to desktop targeting via the ClickFix attack, a malicious domain was used in a mobile-focused operation aimed at WhatsApp users. Victims were lured into joining a supposed community – posing as a channel of the Pakistan Ministry of Defence – by scanning a QR code to link their Android device or iPhone to WhatsApp Web or Desktop. Known as GhostPairing, this technique allows an adversary to gain access to the victims’ chat history and contacts, acquiring the same level of visibility and control over the account as the owners, effectively compromising their private communications.

For a more detailed analysis of GhostChat, check out the latest ESET Research blog post, “Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan”  on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research..

GhostChat attack flow

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Research analyzed a critical flaw in Windows Imaging Component, which abuses JPG files

ESET researchers have concluded an in-depth examination of CVE-2025-50165, a Windows Imaging Component vulnerability. Although classified as critical, ESET’s root cause analysis suggests the complexity of exploitation makes large-scale attacks highly improbable.

Technical Distinction: The flaw exists in the encoding and compression stage of a JPG image, not the decoding (rendering) stage. Simply viewing a malicious image will not trigger the vulnerability.

Root Cause: WindowsCodecs.dll

The vulnerability occurs when WindowsCodecs.dll attempts to encode a JPG image using 12-bit or 16-bit data precision. The specific function involved, jpeg_finish_compress, is triggered during specific actions such as saving an image or generating system thumbnails.

Expert Analysis

“Our analysis indicates that exploitation is harder than it appears,” says ESET researcher Romain Dumont. “A host application is only vulnerable if it allows JPG images to be re-encoded, and even then, an attacker would need precise control over heap manipulation and address leaks to achieve remote code execution.”

Key Takeaways

  • Open Source Roots: The component utilizes libjpeg-turbo, which saw similar vulnerabilities patched in late 2024.
  • Reproduction: ESET has successfully reproduced the system crash using a 12-bit/16-bit JPG test method.
  • Status: Microsoft released a patch for this vulnerability in August; users are encouraged to verify their systems are up to date.

For the full technical report, visit WeLiveSecurity.com and search for “Revisiting CVE-2025-50165.”

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

ESET Threat Report: AI-driven attacks on the rise; NFC threats increase and evolve in sophistication

ESET Research has released its H2 2025 Threat Report with statistics from June through November 2025.
NFC threats have continued to evolve in scale and sophistication, with several notable upgrades and new malicious campaigns seen in H2 2025.
ESET observed several improvements in scams including higher-quality deepfakes, signs of AI-generated phishing sites, and short-lived ad campaigns to avoid detection.
Even though Lumma Stealer managed to come back after the May 2025 disruption, its detections declined by 86% in H2 2025.

BRATISLAVA — December 16, 2025 — ESET Research has released its latest Threat Report, which summarizes threat landscape trends seen in ESET telemetry and from the perspective of both ESET threat detection and research experts, from June through November 2025.  AI-powered malware moved from theory to reality in H2 2025, as ESET discovered PromptLock – the first known AI-driven ransomware, capable of generating malicious scripts on the fly. While AI is still mainly used for crafting convincing phishing and scam content, PromptLock – and the handful of other AI-driven threats identified to this day – signal a new era of threats.

“Fraudsters behind the Nomani investment scams have also refined their techniques – we have observed higher-quality deepfakes, signs of AI-generated phishing sites, and increasingly short-lived ad campaigns to avoid detection,” says Jiří Kropáč, Director of ESET Threat Prevention Labs. In ESET telemetry, detections of Nomani scams grew 62% year-over-year, with the trend declining slightly in H2 2025. Nomani scams have recently been expanding from Meta to other platforms, including YouTube.

On the ransomware scene, victim numbers surpassed 2024 totals well before year’s end, with ESET Research projections pointing to a 40% year-over-year increase. Akira and Qilin now dominate the ransomware-as-a-service market, while low-profile newcomer Warlock introduced innovative evasion techniques. EDR killers continued to proliferate, highlighting that endpoint detection and response tools remain a significant obstacle for ransomware operators.

On the mobile platform, NFC threats continued to grow in scale and sophistication, with an 87% increase in ESET telemetry and several notable upgrades and campaigns observed in H2 2025. NGate  – a pioneer among NFC threats, first discovered by ESET– received an upgrade in the form of contact stealing, likely laying the groundwork for future attacks. RatOn, entirely new malware on the NFC fraud scene, brought a rare fusion of remote access trojan (RAT) capabilities and NFC relay attacks, showing cybercriminals’ determination to pursue new attack avenues. RatOn was distributed through fake Google Play pages and ads mimicking an adult version of TikTok, and a digital bank ID service.  PhantomCard – new NGate-based malware adapted to the Brazilian market – was seen in multiple campaigns in Brazil in H2 2025.

Furthermore, after its global disruption in May, the Lumma Stealer infostealer managed to briefly resurface – twice – but its glory days are most likely over. Detections plummeted by 86% in H2 2025 compared to the first half of the year, and a significant distribution vector of Lumma Stealer – the HTML/FakeCaptcha trojan, used in ClickFix attacks – nearly vanished from ESET telemetry.

Meanwhile, CloudEyE, also known as GuLoader, surged into prominence, skyrocketing almost thirtyfold according to ESET telemetry. Distributed via malicious email campaigns, this malware-as-a-service downloader and cryptor is used to deploy other malware, including ransomware, as well as infostealer juggernauts such as Rescoms, Formbook, and Agent Tesla. Poland was most affected by this threat, with 32% of CloudEyE attack attempts in H2 2025 detected here.

For more information, check out the ESET Threat Report H2 2025 on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

 

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.