- Users report problems with eScan antivirus
- Internal investigation found malicious actors infiltrated systems
- Update servers have been used to send malware, so users have been warned to be on guard.
Popular antivirus program eScan has been hijacked to be used as a launchpad for malware, experts have warned.
MicroWorld Technologies, the company behind eScan, recently began receiving customer reports of problems with the antivirus program.
After an internal investigation, the company determined that an unidentified threat actor had broken into one of the update servers and used it to distribute a software update containing malware.
Deliver a backdoor
“Unauthorized access to one of our regional update server configurations resulted in an incorrect file (corrupted binary patch/update configuration) being placed in the update distribution path,” the company said. BeepComputer.
“This file was distributed to customers downloading updates from the affected server cluster for a limited period on January 20, 2026.”
This delay, according to the same source, is approximately two hours. We’re not sure how many customers downloaded the update during this window, but MicroWorld Technologies said the affected infrastructure was isolated and credentials refreshed. The company has also contacted affected customers to assist with remediation efforts.
The eScan product itself has not been tampered with and victims appear to be limited to a specific regional group.
Morphisec security researchers, who analyzed the malicious payload, said it was a multi-stage malware designed for enterprise and consumer endpoints. It’s called CONSCTLX and acts as a backdoor and persistent downloader, allowing bad actors to stay on the device, run commands, modify the Windows HOSTS file, and connect to the C2 infrastructure for additional payloads.
It is currently unclear who was behind the attack, but BeepComputer recalls that in 2024, North Korean cybercriminals were seen exploiting the eScan update mechanism to infect corporate networks with various backdoors.
MicroWorld Technologies won’t reveal how many customers use eScan, only saying it has helped “millions” so far.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
