Antivirus eScan: malware spread through update, the facts

Have you recently trusted your antivirus to protect your computer? What if that same protection became a threat? Discover how eScan users faced such a situation and what to do to avoid the worst.

The 3 key points not to miss

  • An eScan update server was compromised, leading to the distribution of a malicious component.
  • The malware blocks automatic antivirus updates, which makes remediation difficult.
  • Morphisec has published indicators to help identify potentially compromised systems.

A targeted attack on eScan

In mid-January, eScan users inadvertently downloaded a contaminated patch. This happened after the update server for the antivirus, which is published by MicroWorld Technologies, was compromised. The attack allowed a modified component to be distributed through the publisher's official infrastructure, which facilitated the deployment of multi-stage malware.

This malware not only infects the system; it also modifies the antivirus configuration and certain system settings. These alterations prevent future updates, making any attempt at automatic correction ineffective.

Progress and effects of the malware

According to Morphisec, on January 20 the eScan file Reload.exe was replaced with a malicious version. This infected file then drops an additional payload, CONSCTLX.exe, designed to download further components remotely and maintain the infection. The malware persists on the system by creating scheduled tasks and adding entries to the registry.

Once installed, the malware establishes connections with servers controlled by the attackers. These connections allow remote control of the infected machine and, potentially, the delivery of other malicious payloads.

Recommended precautionary measures

To secure systems, it is essential to identify potentially infected machines. If you were using eScan with active updates around January 20, your system might be compromised. Morphisec has published a list of indicators of compromise to help detect these infections.
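A read-only first pass over a suspect Windows machine could look like the following added example, which is not from the article, eScan or Morphisec. It assumes the search locations and the Run keys as places to look, takes the start of the exposure window as a `-Since` parameter, and does not reproduce Morphisec's indicators; the hashes it prints are meant to be compared against that published list.

```powershell
# Added example: read-only triage built around the file names the article mentions.
param(
    [Parameter(Mandatory)][datetime]$Since,   # start of the exposure window, supplied by the operator
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)  # assumed locations
)
$names = 'Reload.exe', 'CONSCTLX.exe'         # file names taken from the article
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path $_) }

# 1. Locate the binaries and record signature status and SHA-256, for comparison
#    with the indicators Morphisec published (not reproduced here).
$files = Get-ChildItem -Path $roots -Include $names -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $sha = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Check = 'File'; Item = $_.FullName; When = $_.LastWriteTime
            Detail = '{0}; signer={1}; sha256={2}' -f $sig.Status, $sig.SignerCertificate.Subject, $sha
        }
    }

# 2. Scheduled tasks registered on or after $Since, or whose action names one of the files.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    $registered = [datetime]::MinValue
    $dated = [datetime]::TryParse($task.Date, [ref]$registered)   # Date is often empty
    $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' | '
    $named = [bool]($names | Where-Object { $cmd -like "*$_*" })
    if (($dated -and $registered -ge $Since) -or $named) {
        [pscustomobject]@{
            Check = 'ScheduledTask'; Item = $task.TaskPath + $task.TaskName
            When = if ($dated) { $registered } else { $null }; Detail = $cmd
        }
    }
}

# 3. Autorun values. The article does not say which registry entries are added;
#    the Run keys are an assumed starting point. Values carry no timestamp, so all are listed.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Name -notin $psMeta } | ForEach-Object {
            [pscustomobject]@{ Check = 'RunKey'; Item = "$key\$($_.Name)"; When = $null; Detail = [string]$_.Value }
        }
    }
}
@($files; $tasks; $autoruns) | Format-Table -AutoSize -Wrap
```

Run it from an elevated session, since a non-elevated one may not see every scheduled task.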

If in doubt, immediately isolate the affected computer to prevent any communication with the attackers’ servers. Contacting eScan to obtain the manual fix is a crucial step, as is verifying and renewing your credentials for added security.

History of eScan

eScan, developed by MicroWorld Technologies, is a popular antivirus long recognized for its ability to protect systems against various threats. Founded in 1993, the company has focused on innovation in computer security, seeking to offer robust solutions for individuals and businesses. Despite this incident, eScan continues to work on strengthening its security measures to regain the trust of its users.
