
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally," Morphisec researcher Michael Gorelik said. MicroWorld Technologies has revealed that it detected unauthorized access to its infrastructure and immediately isolated the impacted update servers, which remained offline for over eight hours.
It has also released a patch that reverts the changes introduced as part of the malicious update. Impacted organizations are recommended to contact MicroWorld Technologies to obtain the fix. It also pinned the attack as resulting from unauthorized access to one of its regional update server configurations, which enabled the threat actors to distribute a "corrupt" update to customers during a "limited timeframe" of about two hours on January 20, 2026.
"eScan experienced a temporary update service disruption starting January 20, 2026, affecting a subset of customers whose systems automatically download updates during a specific timeframe, from a specific update cluster," the company said in an advisory issued on January 22, 2026. "The issue resulted from unauthorized access to the regional update server infrastructure. The incident has been identified and resolved. Comprehensive remediation is available that addresses all observed scenarios."
Unknown attackers gained unauthorized access to the eScan update infrastructure and pushed a corrupt update that delivered a persistent downloader to enterprise and consumer endpoints. The malicious update was distributed through legitimate update servers and deployed multi-stage malware, including a file named Reload.exe that drops a downloader and interferes with product functionality to prevent automatic remediation. The compromise stemmed from unauthorized access to a regional update server configuration and affected customers who downloaded updates during a limited two-hour window on January 20, 2026. MicroWorld Technologies detected the access, isolated the impacted update servers for over eight hours, and released a patch that reverts the malicious changes. Impacted organizations are advised to obtain remediation directly from MicroWorld Technologies.
Read at The Hacker News