- Users report problems with eScan antivirus
- Internal investigation found threat actor infiltrated systems
- Update servers were used to send out malware, warning users to be on their guard
Popular antivirus program eScan was hijacked to use as a malware launch pad, experts have warned.
MicroWorld Technologies, the company behind eScan, recently began receiving customer reports of problems with the antivirus program.
After an internal investigation, the company determined that an unidentified threat actor broke into one of the update servers and used it to distribute a software update loaded with malware.
Provides a back door
“Unauthorized access to one of our regional update server configurations resulted in an incorrect file (patch configuration binary/corrupt update) being placed in the update distribution path,” the company said. Bleeping Computer.
“This file was distributed to customers who downloaded updates from the affected server cluster for a limited time frame on January 20, 2026.”
According to the same source, that time frame is around two hours. We don’t know exactly how many customers downloaded the update during that window, but MicroWorld Technologies said the affected infrastructure was isolated and credentials were updated. The company also contacted affected customers to assist with remediation efforts.
The eScan product itself was not tampered with and victims appear to be limited to a specific regional cluster.
Security researchers from Morphisec, who analyzed the malicious payload, said it was a multi-stage malware designed for enterprise and consumer endpoints. Called CONSCTLX, it acts as a backdoor and persistent downloader that allows threat actors to remain on the device, run commands, modify the Windows HOSTS file, and connect to the C2 infrastructure for additional payloads.
At this time, it is unknown who was behind the attack, but Bleeping Computer recalls that back in 2024, North Korean cybercriminals were seen exploiting the update mechanism in eScan to infect corporate networks with various backdoors.
MicroWorld Technologies does not disclose how many customers are using eScan, other than to state that it has helped “millions” so far.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
