
""Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally," Morphisec's bulletin reads. According to the security firm, the updates modified users' devices so that they would be cut off from eScan's updates. The antivirus's normal functionality was also altered, it says."
"The affected users received a malicious 'Reload.exe' file, designed to kick off a multi-stage infection chain. The file modified the HOSTS file to block automatic updates, established persistence through scheduled tasks, and downloaded additional payloads. "Automatic remediation is therefore not possible for compromised systems. Impacted organizations and individuals must proactively contact eScan to obtain the manual update/patch," Morphisec says."
"Morphisec said it reported the incident to MicroWorld Technologies, the company behind eScan, on January 21, one day after it detected the malicious behavior on its customers' devices. eScan informed Morphisec that it had detected unauthorized access to its infrastructure on January 20 and immediately isolated the impacted update servers, which remained offline for over eight hours. To resolve the issue, eScan released a utility that users can obtain by contacting the company's technical support team. The tool was designed to clean the infection, roll back malicious system modifications, and restore eScan's normal functionality."
Attackers compromised eScan's update infrastructure and used it to push malicious updates that installed multi-stage malware on enterprise and consumer endpoints. The update delivered a malicious Reload.exe that rewrote the HOSTS file to block eScan's automatic updates, established persistence through scheduled tasks, and fetched additional payloads. Because the tampered HOSTS file cuts infected machines off from the very update channel the vendor would use to fix them, and the antivirus's own behaviour was altered, automatic remediation is not possible. Impacted users must contact eScan's technical support to obtain a cleanup utility that removes the infection, rolls back the system modifications, and restores normal antivirus functionality. eScan says it detected the unauthorized access on January 20 and isolated the affected update servers, which stayed offline for over eight hours.
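The two host-level artifacts the report describes, a HOSTS file that pins the vendor's update hosts and a scheduled task that launches Reload.exe, are both cheap to check for during triage. The script below is an added example written for this page; it is not eScan's utility or Morphisec's detection logic. The vendor hostnames (example-av.test), the Reload.exe path, the task XML and the HOSTS contents are all constructed sample data, since the page does not name eScan's real update hosts or the task the malware registers.

```python
"""Endpoint triage for the update-blocking behaviour described above.

Added example, not eScan's or Morphisec's tooling. The hostnames, the
Reload.exe path and the task XML below are constructed sample data; the
page does not name eScan's real update hosts.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Targets that make a HOSTS entry an outright block rather than a redirect.
SINKHOLE_TARGETS = {"0.0.0.0", "127.0.0.1", "::1"}

# Task Scheduler XML namespace (what `schtasks /query /tn <name> /xml` emits).
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text; comments and junk lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])        # drop lines that are not "address names..."
        except ValueError:
            continue
        for host in parts[1:]:                    # one address may carry several aliases
            entries.append((parts[0], host.lower()))
    return entries


def vendor_host_overrides(hosts_text, vendor_domains):
    """List (hostname, ip, blocked) for every HOSTS entry pinning a vendor hostname.

    Pinning a vendor's update host in HOSTS is suspicious in itself. A loopback or
    0.0.0.0 target is the block Morphisec describes; any other target is a redirect
    to an attacker-chosen address.
    """
    domains = [d.lower().lstrip(".") for d in vendor_domains]
    hits = []
    for ip, host in parse_hosts(hosts_text):
        if any(host == d or host.endswith("." + d) for d in domains):
            hits.append((host, ip, ip in SINKHOLE_TARGETS))
    return hits


def task_actions_matching(task_xml, needle="reload.exe"):
    """Return (command, arguments) for every Exec action whose command mentions `needle`."""
    root = ET.fromstring(task_xml)
    matches = []
    for exec_el in root.iter(TASK_NS + "Exec"):
        command = (exec_el.findtext(TASK_NS + "Command") or "").strip()
        arguments = (exec_el.findtext(TASK_NS + "Arguments") or "").strip()
        if needle.lower() in command.lower():
            matches.append((command, arguments))
    return matches


# Constructed sample HOSTS file: stock Windows entries plus three attacker-added lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
127.0.0.1       localhost
::1             localhost
192.0.2.10      fileserver.corp.example
0.0.0.0         update.example-av.test      # constructed: update host blocked
127.0.0.1       download.example-av.test
203.0.113.7     cdn.example-av.test         # constructed: update host redirected
"""

# Constructed sample task definition in the schema Task Scheduler exports; the
# C:\ProgramData path is an assumption, only the file name Reload.exe is from the report.
SAMPLE_TASK_XML = """\
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\ProgramData\\Reload.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>
"""


def triage(hosts_text, task_xmls, vendor_domains):
    """Combine both checks into one report for a single endpoint."""
    return {
        "hosts_overrides": vendor_host_overrides(hosts_text, vendor_domains),
        "suspect_tasks": [m for xml in task_xmls for m in task_actions_matching(xml)],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS, [SAMPLE_TASK_XML], ["example-av.test"])
    for host, ip, blocked in report["hosts_overrides"]:
        print(f"HOSTS pins {host} -> {ip} ({'BLOCKED' if blocked else 'redirected'})")
    for command, args in report["suspect_tasks"]:
        print(f"scheduled task runs {command} {args}")
```

On a live Windows endpoint, feed `vendor_host_overrides` the contents of `C:\Windows\System32\drivers\etc\hosts` and `task_actions_matching` the output of `schtasks /query /tn <name> /xml` for each task you want to inspect, with the vendor's real update hostnames in place of the constructed ones. A clean HOSTS file and no matching task do not prove the endpoint is clean: the report says the antivirus itself was altered and that remediation requires eScan's own utility, so treat these checks as triage input, not as a cleanup.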
Read at SecurityWeek