• ESET Nordics, based in Copenhagen, Denmark, along with a satellite office in Göteborg, Sweden, join the ranks of ESET’s global commercial offices.
• The new office will support entities based in Denmark, Sweden, Norway, Finland and Iceland.
• ESET Nordics will continue to deliver outstanding cybersecurity solutions and provide local support for both channel partners and end customers.

BRATISLAVA, COPENHAGEN (DK) — January 5, 2026 — ESET, a global leader in cybersecurity solutions, today announced the opening of its ESET Nordics branch in Copenhagen, Denmark, along with a satellite office in Göteborg, Sweden, both working together to bring ESET closer to its customers and partners in Northern Europe starting on January 1st, 2026.

As the world rapidly changes, driven by disruptive technologies and an increasingly complex geopolitical landscape, Europe’s need to guarantee its digital sovereignty has become essential to securing the region’s digital ecosystem. EU-based solutions, such as ESET, provide citizens, businesses, and governments with confidence that their data and, more importantly, their critical infrastructure are protected. This is increasingly vital amid growing cybercrime and state-aligned activity, marked by high-profile hacking attempts against hospitals, manufacturers, financial entities and other critical industries across the EU.

Thus, establishing ESET Nordics and its satellite office in Sweden is both part of the company’s long-term strategy to boost market growth in Europe’s top IT security markets, but also an answer to the woes of customers and companies based in the Nordics, asking for a partner that could help them when the pressure is already mounting — rapidly, with local intelligence, and in their own language.

“The world’s changing. If a global cybersecurity company wants to properly reflect regional rules, regulations and overall, the populace’s needs, it must establish a local presence,” commented Pavol Holéczy, Vice President of EMEA Sales at ESET, “We’re proud of being recognized for our local commitments, and we will continue on delivering our portfolio of products and services in line with what our existing and prospective partners in the Nordics require,” Mr. Holéczy added.

This strategic expansion strengthens our presence across Denmark, Sweden, Norway, Finland, and Iceland, helping ESET bridge the gap between its global offer and distinct regional needs.

“Showing up locally isn’t just good manners, it’s good business. Real relationships are built through proximity. Local presence means we speak the language, feel the rhythm, and earn trust the way only neighbors can,” said Leif Jensen, Country Manager for ESET Nordics.

The efficacy of this strategy is clearly displayed by the assessments of independent analysts like Forrester, ECSO, and KuppingerCole, commending ESET for its local presence and support that empowers its products and services like ESET MDR wherever they’re needed.

Founded in 1992, European Union-based ESET has been a dominant player in the endpoint security market. Since then, ESET has been gaining ground and growing its enterprise portfolio with specialized products and divisions like ESET Corporate Solutions, protecting some of the largest companies in the world. ESET security solutions are currently sold in over 178 markets protecting more than one billion people across the globe.

ESET is dedicated to supporting European excellence. See how we committed €3 million to Horizon Europe AI project empowering minority languages, or our support of intergovernmental and nongovernmental organizations like Europol and the Netherlands Industry for Defense and Security Foundation (NIDV)

BRATISLAVA — January 27, 2026 —ESET, a global leader in cybersecurity, is proud to announce that it has been recognized as a Customers’ Choice in the 2026 Gartner® Peer Insights™ Voice of the Customer report¹ for Endpoint Protection Platforms. Out of 18 evaluated vendors, ESET is among only five to earn this distinction, based on its strong performance in both User Interest and Adoption (x‑axis) and Overall Experience (y‑axis).

According to the report, 99% of Gartner Peer Insights reviews received for ESET indicated either a 5-star (78%) or 4-star (21%) rating. Overall, our customers have given us a rating of 4.8 out of 5, with 96% stating they would recommend our product. ESET’s Support Experience received particularly high praise, earning 4.8 out of 5, with customers also commending the company’s Product Capabilities, Sales Experience, and Deployment Experience

“Being recognized as a Customers’ Choice by Gartner Peer Insights is highly important to us because it comes directly from organizations and IT professionals who rely on our technologies every day,” said Zuzana Legáthová, Director of Market Intelligence and Analyst Relations at ESET. “Our customers’ trust is at the core of everything we do. Their feedback validates our commitment to delivering a Prevention‑First, AI‑driven cybersecurity platform that not only strengthens security posture but also drives measurable business impact, helping organizations operate with confidence and resilience in an increasingly complex threat landscape.”

The “Voice of the Customer” report aggregates peer reviews and ratings over an 18-month period ending 30 November 2025, offering valuable insights into customer experiences with leading cybersecurity vendors. ESET´s recognition is based on reviews from 134 verified end-user professionals, and we believe it reflects their direct experience operating the ESET PROTECT Platform.

ESET PROTECT is a comprehensive cybersecurity platform designed to meet the evolving needs of modern organizations. It´s our cloud-first XDR cybersecurity solution that combines AI-native next-gen prevention, detection, and proactive threat hunting to keep businesses secure. Built on decades of expertise and continuous innovation, it delivers a Prevention-First approach to security, integrating advanced technologies and security services into a single, scalable solution.

Discover more about ESET PROTECT Platform. For more information about ESET’s awards and recognized excellence, click here.

GARTNER is a registered trademark and service mark of Gartner, Inc., and/or its affiliates in the U.S. and internationally, and PEER INSIGHTS is a registered trademark of Gartner, Inc., and/or its affiliates and are used herein with permission. All rights reserved. Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product, or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. 

¹Gartner, Voice of the Customer for Endpoint Protection Platforms, By Peer Contributors, January 2026 

• ESET researchers have uncovered an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan.
• The campaign leverages the GhostChat spyware, which enables covert surveillance on the device, allowing the threat actor to monitor activity and exfiltrate sensitive data.
• The ESET investigation revealed further activities conducted by the same threat actor: an attack involving ClickFix, which tricks users into executing malicious code on their computers, and a WhatsApp attack that exploits the app’s link-to-device feature to access its victims’ personal messages.

BRATISLAVA — January 28, 2026 — ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as a chat platform that allows users to initiate conversations operated via WhatsApp. Underneath the romance charade, the real purpose of the malicious app, which ESET named GhostChat, is exfiltration of the victim’s data. The same threat actor appears to be running a broader spy operation – including a ClickFix attack leading to the compromise of victims’ computers, and a WhatsApp device-linking attack gaining access to victims’ WhatsApp accounts – thus expanding the scope of surveillance. These related attacks used websites impersonating Pakistani governmental organizations as lures. Victims obtained GhostChat from unknown sources, and it requires manual installation; it was never available on Google Play, and Google Play Protect, which is enabled by default, protects against it.

“This campaign employs a method of deception that we have not previously seen in similar schemes – fake female profiles in GhostChat are presented to potential victims as locked, with passcodes required to access them. However, as the codes are hardcoded in the app, this is just a social engineering tactic likely aimed to create the impression of exclusive access for the potential victims,” says ESET researcher Lukáš Štefanko, who discovered the campaign. “Our investigation reveals a highly targeted and multifaceted espionage campaign aimed at users in Pakistan,” he adds.

The app uses the icon of a legitimate dating app but lacks the original app’s functionality and instead serves as a lure – and tool – for espionage on mobile devices. Once logged in, victims are presented with a selection of 14 female profiles; each profile is linked to a specific WhatsApp number with a Pakistani (+92) country code. The use of local numbers reinforces the illusion that the profiles are real individuals based in Pakistan, increasing the credibility of the scam. Upon entering the correct code, the app redirects the user to WhatsApp to initiate a conversation with the assigned number – presumably operated by the threat actor.

While the victim engages with the app, and even prior to logging in, GhostChat spyware has already begun running in the background, silently monitoring device activity and exfiltrating sensitive data to a C&C server. Beyond initial exfiltration, GhostChat engages in active espionage: It sets up a content observer to monitor newly created images and uploads them as they appear. Additionally, it schedules a periodic task that scans for new documents every five minutes, ensuring continual surveillance and data harvesting.

The campaign is also connected to broader infrastructure involving ClickFix-based malware delivery and WhatsApp account hijacking techniques. These operations leverage fake websites, impersonation of national authorities, and deceptive, QR-code-based device-linking to compromise both desktop and mobile platforms. ClickFix is a social engineering technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions.

In addition to desktop targeting via the ClickFix attack, a malicious domain was used in a mobile-focused operation aimed at WhatsApp users. Victims were lured into joining a supposed community – posing as a channel of the Pakistan Ministry of Defence – by scanning a QR code to link their Android device or iPhone to WhatsApp Web or Desktop. Known as GhostPairing, this technique allows an adversary to gain access to the victims’ chat history and contacts, acquiring the same level of visibility and control over the account as the owners, effectively compromising their private communications.

For a more detailed analysis of GhostChat, check out the latest ESET Research blog post, “Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan”  on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research..

GhostChat attack flow