Malware & Ransomware · HIGH

Supply-Chain Compromise Hits eScan Antivirus Users

Check Point Research
eScan · MicroWorld Technologies · malware · supply-chain attack

Basically, eScan antivirus users received bad updates that let hackers in.

Quick Summary

A supply-chain attack has compromised eScan antivirus software, affecting its users. Malicious updates may have allowed hackers remote access to systems. Stay alert and update your software as fixes are rolled out.

What Happened

A significant security breach has just been reported involving MicroWorld Technologies, the company behind eScan antivirus software. Hackers managed to infiltrate the company's supply chain, pushing out malicious updates through the legitimate eScan updater. This breach is alarming because it not only compromised the antivirus software but also allowed multi-stage malware to be installed on users' systems.

The malware is designed to establish persistence, meaning it can remain on the infected devices even after reboots. It also enables remote access for the attackers, giving them control over affected systems. This kind of attack is particularly dangerous because it can go unnoticed for a long time, allowing hackers to gather sensitive information or launch further attacks.

Why Should You Care

If you use eScan antivirus, your device could be compromised without your knowledge. Imagine your home being unlocked, and you don’t even realize it until something valuable is missing. This situation is similar; your antivirus, which is supposed to protect you, has become a gateway for attackers.

The key takeaway here is that even trusted software can be exploited. Your personal data, financial information, and overall digital security are at risk. It’s crucial to stay informed about the tools you rely on for protection, as they can sometimes become the very source of vulnerability.

What's Being Done

MicroWorld Technologies is aware of the breach and is actively working to mitigate the damage. They are likely developing patches to remove the malicious updates and secure their systems. If you are an eScan user, here are a few actions you should take immediately:

  • Update your eScan software to the latest version once a patch is released.
  • Run a full system scan to detect and remove any potential malware.
  • Change your passwords for sensitive accounts, especially if you suspect any unauthorized access.

Experts are closely monitoring the situation to see how widespread the impact will be and what further actions might be necessary to protect users. The situation is developing, so stay tuned for updates.

🔒 Pro insight: This incident underscores the vulnerabilities in software supply chains, highlighting the need for enhanced security measures in update mechanisms.

Original article from Check Point Research · lorenf
