The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally," stated Michael Gorelik, a researcher at Morphisec.
According to MicroWorld Technologies, it quickly isolated the affected update servers after discovering unauthorized access to its infrastructure, and the servers remained offline for more than eight hours. It has also made available a patch that undoes the modifications made as part of the malicious update. To get the fix, affected organizations are advised to get in touch with MicroWorld Technologies.
The eScan bulletin does not specify which regional update server was impacted. Kaspersky's analysis of telemetry data, however, has shown that "hundreds of machines belonging to both individuals and organizations" encountered infection attempts with payloads related to the supply chain attack. These devices are mostly found in the Philippines, Bangladesh, Sri Lanka, and India. The security group also pointed out that the attackers had to have thoroughly examined eScan's internal workings in order to comprehend how its update mechanism operated and how it could be altered to spread malicious updates.
The threat actors' method of gaining access to the update server is presently unknown. "Notably, it is quite unique to see malware being deployed through a security solution update," it stated.











