Supply chain attack on eScan antivirus: Detecting and remediating malicious updates

securelist.com/escan-sup…

A supply chain attack targeting eScan antivirus, developed by India-based MicroWorld Technologies, was disclosed following malicious updates distributed on Jan. 20 through the vendor’s update server. The compromised update delivered a malicious file, Reload.exe, which initiated a multi-stage infection chain. Security solutions detected and blocked related activity the same day. On Jan. 21, after being notified by Morphisec, eScan developers contained the incident.

According to Morphisec’s investigation, Reload.exe modified the system HOSTS file to block connections to security vendor infrastructure, preventing further antivirus updates and hindering automated remediation efforts. This interference contributed to update service errors and delayed corrective action.

The incident underscores ongoing risks associated with trusted update mechanisms and the importance of monitoring update infrastructure, validating digital signatures and maintaining independent detection controls.
Edward Kiledjian
@ekiledjian
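
Added example, not part of the original post or of the Securelist or Morphisec reports: a check for the HOSTS-file tampering described above, flagging entries that override security-vendor hostnames. The watchlist names and the sample file are constructed placeholders; substitute the update hostnames your own products use.

```python
import ipaddress

# Assumption: hypothetical watchlist, not taken from the article. Replace with
# the update/cloud hostnames your security products actually contact.
WATCHLIST = {"update.av-vendor.example", "cloud.edr-vendor.example"}

# Constructed sample HOSTS content, not from a real incident.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.av-vendor.example   # appended entry
127.0.0.1 dl.update.av-vendor.example cloud.edr-vendor.example
10.20.30.40     intranet.corp.example
203.0.113.7     UPDATE.AV-VENDOR.EXAMPLE.
not-an-ip       broken.line.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        # Normalise case and a trailing root dot before matching.
        yield n, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host, watchlist):
    """True if host equals a watchlist name or is a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in watchlist)

def find_overrides(text, watchlist=WATCHLIST):
    """Return (line_no, host, ip, kind) for entries overriding watched names."""
    findings = []
    for n, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host, watchlist):
                # Loopback/unspecified addresses black-hole the traffic; any
                # other address redirects it. Both deserve review.
                sink = ip.is_loopback or ip.is_unspecified
                findings.append((n, host, str(ip), "blocked" if sink else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On a Windows endpoint the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`; any finding means name resolution for a security product is being overridden locally.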