Supply chain attack: what you should know
Essential information
- Published: 29/01/2026 17:20
- Modified: 02/02/2026 21:18
- Tags: 2026-01-29, antivirus, consctlx.exe, digital signature, escan, malware, persistence, reload.exe, scheduled tasks, supply-chain, unauthorized access
- Related entities: 7 observables, 2 malware, 6 others
Description
A supply chain attack targeted the eScan antivirus software, distributing malware through the update server. The attack, detected on January 20, involved a malicious Reload.exe file that initiated a multi-stage infection chain. This malware prevented further antivirus updates, ensured persistence through scheduled tasks, and communicated with control servers to download additional payloads. Attackers gained unauthorized access to a regional update server, deploying a malicious file with a fake digital signature. eScan developers quickly isolated the affected infrastructure and reset access credentials. Users are advised to check for infection signs, use a provided removal utility, and block known malware control server addresses. Kaspersky's security solutions successfully detect the malware used in this attack.