eScan Antivirus Delivers Malware in Supply Chain Attack

eScan antivirus users were infected with malware last week after hackers compromised an official update server, security researchers report.

The eScan supply chain attack came to light on January 29, when cybersecurity firm Morphisec published a threat bulletin warning of rogue updates tampering with users’ systems.

“Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally,” Morphisec’s bulletin reads.

According to the security firm, the updates modified users’ devices so that they would be cut off from eScan’s updates. The antivirus’s normal functionality was also altered, it says.

The affected users received a malicious ‘Reload.exe’ file, designed to kick off a multi-stage infection chain. The file modified the HOSTS file to block automatic updates, established persistence through scheduled tasks, and downloaded additional payloads.

“Automatic remediation is therefore not possible for compromised systems. Impacted ...