escan

Incident Summary

eScan Antivirus Update Supply Chain Attack

Attackers compromised the legitimate eScan antivirus update infrastructure to distribute a trojanized version of Reload.exe (32-bit). This component dropped a persistent downloader (CONSCTLX.exe) that used scheduled tasks, registry modifications, and hosts file tampering to block remote updates and evade remediation while maintaining backdoor access.

Date
2026-01-20 to 2026-01-21
Category
Commercial
Target Surface
Other
Insertion Phase
distribution
Impact
Persistence
Cause
Compromised Infrastructure

What Was Affected

Package escan
Language C++
Component Application
Artifact type application
Domain type vendor
Domain escanav.com

Incident Context

Motive
Remote Access/Persistence
Attribution
Third Party
Transitive
No
User Impact
0
Observed Duration
1 day

Indicators and Changes

Hashes


External References

Source Data

Source record: proprietary/escan/meta.yaml