
MicroWorld Technologies hit by network compromise

Incident
Happening score: 12
2 unique sources, 2 articles

Summary

MicroWorld Technologies’ eScan antivirus suffered a supply chain compromise in which attackers abused the legitimate update infrastructure to distribute malicious updates to enterprise and consumer endpoints. The malicious package replaced `Reload.exe`, used PowerShell with an AMSI bypass, and then fetched additional payloads such as `CONSCTLX.exe` to establish persistence, block remediation, and interfere with future updates. MicroWorld Technologies said it detected unauthorized access, isolated the impacted update servers, and released a patch to revert the malicious changes.

Related Happenings

ClockRemoval.ps1 antivirus-disabling malware activity linked to Dragon Boss Solutions LLC

Malware Activity
First: 15.04.2026 17:40 Last: 15.04.2026 17:40 Sources 1

About this happening: A signed software operation linked to **Dragon Boss Solutions LLC** was observed using **ClockRemoval.ps1** to disable antivirus on **more than 23,000 endpoints worldwide**, raisi...

eScan malicious update payloads deploying Reload.exe and CONSCTLX.exe

Malware Activity
First: 28.01.2026 23:00 Last: 28.01.2026 23:00 Sources 1

About this happening: **Reload.exe** and **CONSCTLX.exe** were delivered through a compromised **eScan** update channel, exposing **enterprise and consumer endpoints** to persistent malware infection....

RondoDox botnet payload deployment in December 2025

Malware Activity
First: 01.01.2026 11:19 Last: 01.01.2026 11:19 Sources 1

About this happening: The **RondoDox** botnet was actively dropping **cryptocurrency miners**, the **/nuts/bolts** loader and health checker, and the **/nuts/x86** Mirai variant onto infected devices i...

Timeline

  1. 26.01.2026 21:00 1 article · 4mo ago

    eScan supply chain compromise delivers signed malware

    Exploitation Observed

    MicroWorld Technologies' eScan antivirus update channel distributed malicious updates after a compromised eScan code-signing certificate let a trojanized 32-bit eScan executable appear legitimate, drop a downloader and 64-bit backdoor, establish persistence, and block further updates on affected endpoints.

  2. 26.01.2026 21:00 3 articles · 4mo ago

    Morphisec details blocked eScan malware activity

    Technical Analysis Update

    On January 26, 2026, Morphisec Threat Labs published findings that its protected customer systems blocked the malicious activity within hours of the initial distribution, noted global exposure across enterprise and consumer endpoints, and advised organizations running eScan to search for known malicious file hashes, review suspicious scheduled tasks, inspect GUID-based registry keys, block identified C2 domains, and revoke trust in the compromised eScan code-signing certificate.
