Ethical Hacking News
A recent supply chain attack on eScan antivirus has highlighted the growing threat of malicious updates being distributed through legitimate software infrastructure. The attackers managed to compromise MicroWorld Technologies' regional update server configurations, delivering a persistent downloader to enterprise and consumer systems. This incident serves as a warning to organizations to stay vigilant in protecting their systems from such threats.
eScan antivirus has been exploited in a supply chain attack. The update infrastructure was compromised, distributing malicious updates globally. The attackers gained access to MicroWorld Technologies' regional update server configurations on January 20, 2026. A malicious "Reload.exe" file was dropped, containing functionality to establish persistence and block remote updates. Organizations are advised to exercise extreme caution when using security solutions and monitor their systems for suspicious activity.
There has been a disturbing trend in recent days, as yet another software solution has fallen victim to a sophisticated supply chain attack. This time it is eScan antivirus, a security product developed by the Indian cybersecurity company MicroWorld Technologies.
The update infrastructure for eScan antivirus was compromised by unknown attackers, who used the product's legitimate update channel to deliver a persistent downloader, followed by multi-stage malware, to enterprise and consumer endpoints globally.
According to Morphisec researcher Michael Gorelik, "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally." The attack is believed to have occurred on January 20, 2026, when unauthorized access was gained into one of MicroWorld Technologies' regional update server configurations.
The malicious payload interferes with the regular functionality of the product, effectively preventing automatic remediation. It delivers a malicious "Reload.exe" file that's designed to drop a downloader, which contains functionality to establish persistence, block remote updates, and contact an external server to fetch additional payloads, including "CONSCTLX.exe."
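As an added defender-side example (not code from the article, eScan, MicroWorld or Morphisec), the following Python folds constructed Sysmon-style events into a per-process behaviour profile and flags the pattern described above: the named files, autorun persistence, and an outbound connection to an external host. The event schema, the Run key as the persistence location, the internal address ranges and every sample value are assumptions made for illustration.

```python
import json
import ipaddress
from collections import defaultdict

# Filenames the article names; everything else in this block is a labelled assumption.
ARTICLE_NAMES = {"reload.exe", "consctlx.exe"}
RUN_KEY = "\\currentversion\\run\\"  # assumed persistence location (autorun key)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed Sysmon-style telemetry, one JSON event per line (not real logs).
SAMPLE_EVENTS = [
    r'{"type":"process_create","pid":4120,"image":"C:\\eScan\\download\\Reload.exe","parent":"updater.exe"}',
    r'{"type":"registry_set","pid":4120,"key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"}',
    r'{"type":"net_connect","pid":4120,"dst":"203.0.113.10:443"}',
    r'{"type":"process_create","pid":4130,"image":"C:\\Users\\Public\\CONSCTLX.exe","parent":"Reload.exe"}',
    r'{"type":"process_create","pid":5000,"image":"C:\\Windows\\System32\\notepad.exe","parent":"explorer.exe"}',
    r'{"type":"net_connect","pid":5000,"dst":"10.0.0.5:445"}',
]

def is_external(dst):
    # True when the destination lies outside the assumed internal ranges.
    host = dst.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # hostname rather than an IP literal: treat as external for triage
    return not any(ip in net for net in INTERNAL_NETS)

def build_profiles(lines):
    # Fold events into {pid: {image, persist, external}}.
    profiles = defaultdict(lambda: {"image": "", "persist": False, "external": False})
    for line in lines:
        ev = json.loads(line)
        p = profiles[ev["pid"]]
        if ev["type"] == "process_create":
            p["image"] = ev["image"]
        elif ev["type"] == "registry_set" and RUN_KEY in ev["key"].lower():
            p["persist"] = True
        elif ev["type"] == "net_connect" and is_external(ev["dst"]):
            p["external"] = True
    return profiles

def flag_downloaders(lines):
    # Return {pid: [reasons]} for processes matching the downloader pattern.
    hits = {}
    for pid, p in build_profiles(lines).items():
        name = p["image"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if name in ARTICLE_NAMES:
            reasons.append("filename reported in the eScan incident")
        if p["persist"] and p["external"]:
            reasons.append("autorun persistence plus outbound connection to an external host")
        if reasons:
            hits[pid] = reasons
    return hits
```

The behavioural rule (persistence plus external contact) is what catches a renamed dropper; the filename match alone would not.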
Kaspersky has stated that the attackers had to have studied the internals of eScan in detail to understand how its update mechanism worked and how it could be tampered with to distribute malicious updates. The company also noted that supply chain attacks are a rare occurrence, let alone those orchestrated through antivirus products.
Morphisec has released a patch that reverts the changes introduced as part of the malicious update. Impacted organizations are advised to contact MicroWorld Technologies to obtain the fix.
In light of this incident, it is essential for organizations to exercise extreme caution when using security solutions and to regularly monitor their systems for any signs of suspicious activity.
Related Information:
https://www.ethicalhackingnews.com/articles/The-eScan-Antivirus-Supply-Chain-Attack-A-Threat-to-Enterprise-Security-ehn.shtml
https://thehackernews.com/2026/02/escan-antivirus-update-servers.html
Published: Mon Feb 2 00:05:36 2026 by llama3.2 3B Q4_K_M