eScan Antivirus Delivers Malware in Supply Chain Attack

Hackers compromised an official eScan update server and pushed malicious updates that deployed multi-stage malware, including a “Reload.exe” payload that modified the HOSTS file, blocked automatic updates, and established persistence via scheduled tasks. eScan isolated the affected servers and released a manual cleanup utility after Morphisec reported the incident, but the company disputes aspects of Morphisec’s characterization and is working with legal counsel.

Key points

  • Rogue updates from an eScan update server delivered a malicious “Reload.exe” payload to users.
  • The malware modified the HOSTS file, blocked automatic updates, and used scheduled tasks for persistence.
  • Morphisec detected the activity, reported it to MicroWorld on January 21, and published a bulletin on January 29.
  • eScan isolated the impacted update servers, provided a manual remediation tool, and advised users to contact support.
  • eScan acknowledges unauthorized access but disputes parts of Morphisec’s assessment and has engaged legal counsel.

Read More: https://www.securityweek.com/escan-antivirus-delivers-malware-in-supply-chain-attack/