eScan malicious update payloads deploying Reload.exe and CONSCTLX.exe

Malware Activity
H score 22
1 unique source, 1 article

Summary

Reload.exe and CONSCTLX.exe were delivered through a compromised eScan update channel, exposing enterprise and consumer endpoints to persistent malware infection. The activity mattered because the initial payload established persistence, blocked further updates, and pulled in additional payloads from C2 infrastructure.

Related Happenings

MicroWorld Technologies hit by network compromise

Incident
First: 26.01.2026 21:00 Last: 26.01.2026 21:00 Sources 1

About this happening: **MicroWorld Technologies’ eScan antivirus** suffered a **supply chain compromise** in which attackers abused the **legitimate update infrastructure** to distribute **malicious up...

Timeline

  1. 28.01.2026 23:00 2 articles · 3mo ago

    Malicious eScan update reaches customer endpoints

    Exploitation Observed

    A modified eScan update component, including Reload.exe, is distributed through the legitimate regional update cluster during a two-hour window on January 20, 2026, reaching a small subset of customers and leading to multi-stage malware activity on enterprise and consumer endpoints, including persistence, Windows HOSTS file modification, command execution, and C2 contact to download additional payloads.

  2. 28.01.2026 23:00 1 article · 3mo ago

    eScan detects and isolates the update server issue

    Detection IoC Update

    MicroWorld Technologies detects the issue internally on January 20, 2026 through monitoring and customer reports, then isolates the affected regional update infrastructure within hours after unauthorized access places an incorrect file in the update distribution path.

  3. 21.01.2026 02:00 1 article · 4mo ago

    eScan issues security advisory on the update infrastructure breach

    Initial Disclosure

    MicroWorld Technologies issues a security advisory on January 21, 2026 describing the event as unauthorized access to a regional update server configuration that placed an incorrect file in the update distribution path; the company says only customers updated from the affected cluster were impacted and disputes Morphisec's claim that it was first to discover or report the incident.
