Supply chain attack: what you should know

Feb. 2, 2026, 9:18 p.m.

Description

A supply chain attack targeted the eScan antivirus software, distributing malware through the update server. The attack, detected on January 20, involved a malicious Reload.exe file that initiated a multi-stage infection chain. This malware prevented further antivirus updates, ensured persistence through scheduled tasks, and communicated with control servers to download additional payloads. Attackers gained unauthorized access to a regional update server, deploying a malicious file with a fake digital signature. eScan developers quickly isolated the affected infrastructure and reset access credentials. Users are advised to check for infection signs, use a provided removal utility, and block known malware control server addresses. Kaspersky's security solutions successfully detect the malware used in this attack.

Date

  • Created: Jan. 29, 2026, 5:20 p.m.
  • Published: Jan. 29, 2026, 5:20 p.m.
  • Modified: Feb. 2, 2026, 9:18 p.m.

Indicators


Attack Patterns

  • Reload.exe
  • consctlx.exe

Additional Information

  • codegiant.io
  • blackice.sol-domain.org
  • vhs.delrosal.net
  • csc.biologii.net
  • India
  • British Indian Ocean Territory