DEV Community

Mark0

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

On January 20, 2026, a supply chain attack targeted eScan antivirus, developed by the Indian firm MicroWorld Technologies. Attackers gained unauthorized access to a regional update server to distribute a malicious file named Reload.exe. This file initiated a multi-stage infection chain that prevented legitimate software updates by modifying the system's HOSTS file and ensured persistence through malicious scheduled tasks like CorelDefrag.

The malware drops additional payloads, including the consctlx.exe file, and establishes communication with various command-and-control servers. Security analysts emphasize that the incident resulted from a breach of infrastructure rather than a software vulnerability. To mitigate the threat, users are advised to inspect scheduled tasks, verify their HOSTS file for unauthorized domain blocks, and use the specialized remediation utility provided by the developers.
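A triage sketch for the two manual checks advised above (HOSTS file overrides and scheduled task names), added here as an example; it is not code from the article or from the vendor's remediation utility. The vendor domain suffix, the task folder and all sample data are constructed placeholders; only the task name CorelDefrag comes from the article.

```python
import ipaddress

# Assumption: placeholder suffix, not from the article. Replace it with the
# update domains your eScan deployment actually contacts.
VENDOR_SUFFIXES = ("update.vendor.example",)
SUSPICIOUS_TASKS = {"coreldefrag"}  # task name reported in the article


def hosts_overrides(hosts_text, suffixes=VENDOR_SUFFIXES):
    """Return (line_no, ip, host, is_block) for HOSTS entries covering vendor domains."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # malformed line, not a usable mapping
        for name in entry[1:]:  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.append((line_no, str(ip), host, ip.is_loopback or ip.is_unspecified))
    return findings


def suspicious_tasks(task_names, known=SUSPICIOUS_TASKS):
    """Match the last path component of each task name, case-insensitively."""
    return [t for t in task_names if t.rstrip("\\").rsplit("\\", 1)[-1].lower() in known]


# Constructed sample data for illustration only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         update.vendor.example   # entry of unknown origin
127.0.0.1       cdn.update.vendor.example mirror.update.vendor.example
10.0.0.5        intranet.corp.example
"""
SAMPLE_TASKS = ["\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", "\\ExampleFolder\\CorelDefrag"]

if __name__ == "__main__":
    for finding in hosts_overrides(SAMPLE_HOSTS):
        print("HOSTS override:", finding)
    print("Suspicious tasks:", suspicious_tasks(SAMPLE_TASKS))
```

On a Windows endpoint the input for `hosts_overrides` is the content of `%SystemRoot%\System32\drivers\etc\hosts`. An entry with `is_block` set to False still overrides DNS for the update domain and deserves the same scrutiny.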

