Threat Bulletin: Critical eScan Supply Chain Compromise
ID: 7d4f0dad-2c8c-5b5f-aa44-4a3f1717f9d4
STIX ID: report--7d4f0dad-2c8c-5b5f-aa44-4a3f1717f9d4
Feed Name: Morphisec Blog
On January 20, 2026, Morphisec identified a supply-chain compromise of MicroWorld Technologies’ eScan antivirus. Malicious update packages distributed through the vendor’s update infrastructure dropped a multi-stage downloader (Reload.exe → CONSCTLX.exe) that establishes persistence, connects to C2 infrastructure, and tampers with eScan registry, files, and hosts to block updates and automatic remediation. Morphisec provides IOCs (SHA-256 hashes, C2 domains, scheduled task patterns, registry keys) and advises isolating affected systems, contacting eScan for a manual patch, and conducting forensic investigations.
