Threat Bulletin: Critical eScan Supply Chain Compromise
ID: f71eb28b-3e00-5af4-a7e9-2a00e8eff01a
STIX ID: report--f71eb28b-3e00-5af4-a7e9-2a00e8eff01a
Feed Name: Morphisec Blog
**Executive Summary:** On January 20, 2026, Morphisec identified a supply-chain compromise of MicroWorld's eScan antivirus in which malicious updates (a trojanized Reload.exe) were distributed via the vendor's update infrastructure. These updates deploy a multi-stage downloader (CONSCTLX.exe) that tampers with the eScan registry, hosts file and update mechanisms to prevent automatic remediation. The report provides SHA-256 hashes, a code-signing thumbprint, C2 indicators, persistence details, detection steps, and remediation guidance, including contacting eScan for a manual patch.
