Infosecurity Magazine reports that MicroWorld Technologies' update infrastructure has been compromised to deliver malicious updates for its eScan antivirus software that spread multi-stage malware as part of a global supply chain compromise.Threat actors have used a trojanized variant of a 32-bit eScan executable to facilitate the deployment of a downloader and a 64-bit backdoor for total remote compromise, according to Morphisec Threat Labs analysts. Apart from altering the Windows host file and eScan registry settings to prevent automated patches, the malware also leveraged Windows defragmentation job-spoofing tasks and registry keys for persistence. Illicit activity on Morphisec customer systems has already been averted.However, proactive eScan contacting required by MicroWorld Technologies to address the issue should prompt organizations to immediately identify malicious file hashes within endpoints, examine dubious scheduled tasks under WindowsDefrag, block identified command-and-control domains, inspect registry keys, and rescind trust in the breached eScan code-signing certificate.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds




