• ESET and KPN join forces to protect their customers from unwanted, malicious, and fraudulent content
• ESET NetProtect solutions provide network security for the whole household and IoT devices for KPN customers

BRATISLAVA, December 6, 2023 — ESET, a globally recognized leader in cybersecurity, today announces its strategic partnership with a Dutch company, KPN, the leading telecommunications and IT provider in the Netherlands. Through this collaboration, ESET introduces ESET NetProtect to KPN’s customers, a cutting-edge DNS Filtering solution designed to protect home networks, including IoT devices, against malware, phishing, and unwanted content.

KPN takes its customers’ security very seriously. In 2022, 15% of the Dutch population were victims of cybercrime, out of which, 50% were online scams and financial fraud, and hacking was experienced by 20% of recipients, which is why KPN and ESET are coming together to deliver the best solution to their customers. KPN, an internet service provider, wants to protect the traffic on its network and, ultimately, protect its customers by creating a safe and secure internet environment.

ESET NetProtect functions by filtering DNS (Domain Name System) before they are accessed by devices connected to household connections via routers. For KPN’s customers, the services are effortlessly activated with a single click through the user’s trusted internet provider, ensuring automatic protection for all connected devices.

This is particularly useful nowadays since households use both smart and IoT devices that cannot be secured by traditional security software and ESET NetProtect provides the protection for an uninterrupted experience. For devices with already installed protection, ESET NetProtect works as an additional security layer to the ecosystem.

ESET NetProtect is a formidable shield, preventing sensitive information, such as bank card details, from leaking via phishing or scam websites, leveraging DNS filtering to provide smooth and reliable protection. One of ESET NetProtect´s biggest advantages is its one-click activation. This creates a solution that is easy to use for all ages and cyber-knowledge groups, making security even more accessible. On top of that, this layer of security makes it harder for new threats (such as the use of AI in phishing, which makes malicious messages seem more believable and harder for the naked eye to recognize) to get through to the end user. This is especially important for parents who want to keep their children safe while online unsupervised. The solution also includes a monthly summary of malicious sites and thwarted cyber threats as well as Malware and Phishing Filter and Potentially Unwanted Content Protection.

Through the user-friendly management portal, end-users can easily configure ESET NetProtect settings for their connected devices, manage domain permitted and blocked lists, and generate security reports. This portal offers valuable insights into ESET’s protection mechanisms. All of these solutions were developed to protect devices linked to Telco and ISP networks, shielding them from a multitude of threats.

Reliable security, that is easy to use, is a priority, supported by local customer service and comprehensive protection that stays one step ahead of online threats. This is made possible through ESET’s extraordinary database of malware detections compiled from its global network of research and development centers.

Mária Trnková, Chief Marketing Officer at ESET, shared, “People and their security are the top priority for us at ESET. New emerging technologies are undeniably becoming an integral part of our day-to-day lives, however, the threat landscape is not falling behind. The threats are getting more sophisticated, which is even more important now, than ever before, to deliver easy-to-use reliable solutions, that can ensure our protection. With ESET NetProtect we have crafted such a solution and we are delighted to now protect KPN´s customers.”

Gijs Isbouts, VP of KPN Veilig: “Smart TVs, smart lamps or a smart (energy) meter,.. we are increasingly digitally connected and the number of smart devices in our homes has skyrocketed, so it feels like a mission for us to ensure that our customers really feel safe online. New times call for new solutions, and that is exactly what we are tackling here together with Eset. Our solution KPN Safe Network at Home, which we offer together with Eset, enables our customers to maintain control over their online security at home, without having to be technically skilled and the great thing is, that you enable it with just the click of a button.”

Read more about ESET NetProtect here.

• Deceptive SpyLoan apps analyzed by ESET researchers request various kinds of sensitive information from their users and exfiltrate it to the attackers’ servers. 
• This data is then used to harass and blackmail users of these apps and, according to user reviews, was used even where a loan was not provided.
• ESET telemetry shows a discernible growth in these apps across unofficial third-party app stores, Google Play, and websites since the beginning of 2023.
• Malicious loan apps focus on potential borrowers based in Southeast Asia, Africa, and Latin America.

BRATISLAVA, KOŠICE — December 5, 2023 — This year, ESET researchers have observed alarming growth in deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information in order to blackmail them. ESET products therefore recognize these apps using the detection name SpyLoan, which directly refers to their spyware functionality combined with loan claims. SpyLoan apps are marketed through social media and SMS messages, and are available for download from dedicated scam websites, third-party app stores, and also Google Play.

ESET is a member of the App Defense Alliance (ADA) and an active partner in the malware mitigation program, which aims to quickly find Potentially Harmful Applications and stop them before they ever make it onto Google Play. As an ADA member, ESET identified 18 SpyLoan apps and reported them to Google, who subsequently removed 17 of these apps from their platform. These apps had a total of more than 12 million downloads from Google Play before their removal. The final app listed changed its behavior; ESET therefore no longer detects it as a SpyLoan app.

Every instance of a particular SpyLoan app, regardless of its source, behaves identically due to its identical underlying code. It doesn’t matter whether the download came from a suspicious website, a third-party app store, or even Google Play — the users will experience the same functions and face the same risks, regardless of where they got the app.

According to ESET telemetry, the enforcers of these apps, who blackmail and harass their victims, even with death threats, operate mainly in Mexico, Indonesia, Thailand, Vietnam, India, Pakistan, Colombia, Peru, the Philippines, Egypt, Kenya, Nigeria, and Singapore. ESET researchers believe that any detections outside of these countries are related to smartphones that have, for various reasons, access to a phone number registered in one of these countries. There are currently no active campaigns targeting European countries, the USA, or Canada.

Apart from data harvesting and blackmail, these services present a form of modern-day digital usury, which refers to the charging of excessive interest rates on loans, taking advantage of vulnerable individuals. Victims of these apps claim the total annual cost (TAC) of such loans is much higher than stated, and the loan tenure is much shorter than stated. In some cases, borrowers were pressured to pay off their loans in five days, instead of the stated 91 days, and the TAC of a loan was anywhere between 160% and 340%.

“These malicious applications exploit the trust that users place in legitimate loan providers, using sophisticated techniques to deceive people and steal a very wide range of personal information,” says ESET researcher Lukáš Štefanko, who uncovered many of the SpyLoan apps. “It is crucial for individuals to exercise caution, validate the authenticity of any financial app or service, and rely on trusted sources. By staying informed and vigilant, users can better protect themselves from falling victim to such deceptive schemes,” he adds.

ESET Research has traced the origins of the SpyLoan scheme back to 2020. Once a user installs a SpyLoan app, they are prompted to accept the terms of service and grant extensive permissions to access sensitive data stored on the device. According to the privacy policies of these apps, if those permissions are not granted, the loan will not be provided. To complete the loan application process, users are also compelled to provide extensive personal information.

The data that is usually exfiltrated to the Command and Control (C&C) server includes the user’s list of accounts, call logs, calendar events, device information, lists of installed apps, local Wi-Fi network information, and even information about files on the device. Additionally, contact lists, location data, and SMS messages are vulnerable. To protect their activities, the perpetrators encrypt all the stolen data before transmitting it to the C&C server. While legitimate financial institutions are required to collect personal information about their customers, identity verification and risk assessment can be done using much less intrusive data collection methods. ESET Research believes the real purpose of the permissions requested by SpyLoan apps is to spy on their users and harass and blackmail them and their contacts

After such an app is installed and personal data is collected, the app’s enforcers start to pressure their victims into making payments, even if — according to the reviews — the user didn’t apply for a loan or applied but the loan wasn’t approved. Such practices have been described in the reviews of these apps on Facebook and on Google Play.

“There are several reasons behind the rapid growth of SpyLoan apps. One is that the developers of these apps take inspiration from successful FinTech — financial technology — services, which leverage technology to provide streamlined and user-friendly financial services,” explains Štefanko.

For more technical information about deceptive SpyLoan apps, check out the blog post “Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths.” Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Heatmap of SpyLoan detections seen in ESET telemetry between January 1 and November 30, 2023