Threat Bulletin: Critical eScan Supply Chain Compromise
ID: ad5d8c35-c228-5d89-ad77-1aaf94535549
STIX ID: report--ad5d8c35-c228-5d89-ad77-1aaf94535549
Feed Name: Morphisec Blog
Morphisec reported a supply-chain compromise of eScan antivirus on 20 January 2026 in which malicious updates, signed with a compromised eScan certificate, distributed a multi-stage malware chain (trojanized Reload.exe, a downloader that modifies hosts and eScan registry settings to block updates, and a 64-bit backdoor CONSCTLX.exe). The advisory provides IOCs (SHA-256 hashes, compromised cert thumbprint, C2 domains, scheduled task and registry persistence patterns), detection steps, and remediation guidance requiring manual vendor-provided patches because automatic updates are prevented.
