Malware, Supply chain

Malware spread through eScan antivirus supply chain compromise

Privacy concept: pixelated words Malware on digital background, 3d render

Infosecurity Magazine reports that MicroWorld Technologies' update infrastructure has been compromised to deliver malicious updates for its eScan antivirus software that spread multi-stage malware as part of a global supply chain compromise.

Threat actors have used a trojanized variant of a 32-bit eScan executable to facilitate the deployment of a downloader and a 64-bit backdoor for total remote compromise, according to Morphisec Threat Labs analysts. Apart from altering the Windows host file and eScan registry settings to prevent automated patches, the malware also leveraged Windows defragmentation job-spoofing tasks and registry keys for persistence. Illicit activity on Morphisec customer systems has already been averted.

However, proactive eScan contacting required by MicroWorld Technologies to address the issue should prompt organizations to immediately identify malicious file hashes within endpoints, examine dubious scheduled tasks under WindowsDefrag, block identified command-and-control domains, inspect registry keys, and rescind trust in the breached eScan code-signing certificate.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds