- Users report problems with eScan antivirus
- An internal investigation found that a threat actor infiltrated the systems
- Update servers were used to deliver malware, so users were warned to be on guard
Experts warned that the popular eScan antivirus program was hijacked to be used as a malware launch pad.
MicroWorld Technologies, the company behind eScan, recently began receiving reports from customers about issues related to the antivirus program.
After an internal investigation, the company determined that an unidentified threat actor broke into one of the update servers and used it to distribute a malware-laden software update.
Delivering a backdoor
“Unauthorized access to one of our regional update server configurations resulted in an incorrect file (corrupt update/binary patch configuration) being placed in the update distribution path,” the company told BleepingComputer.
“This file was distributed to customers who downloaded updates to the affected server cluster for a limited period of time on January 20, 2026.”
That period, according to the same source, is approximately two hours. We don’t know exactly how many customers downloaded the update during that period, but MicroWorld Technologies said the affected infrastructure was isolated and credentials updated. The company also reached out to affected customers to assist with remediation efforts.
The eScan product itself was not manipulated and the victims appear to be limited to a specific regional group.
Morphisec security researchers, who analyzed the malicious payload, said it was a multi-stage malware designed for enterprise and consumer endpoints. It is called CONSCTLX and acts as a backdoor and persistent downloader, allowing threat actors to remain on the device, execute commands, modify the Windows HOSTS file, and connect to the C2 infrastructure for additional payloads.
It is currently unknown who was behind the attack, but BleepingComputer recalls that in 2024, North Korean cybercriminals were seen exploiting the eScan update mechanism to infect corporate networks with multiple backdoors.
MicroWorld Technologies does not disclose how many customers use eScan, other than to say it has helped “millions” so far.




