{
  "name": "Supply chain attack: what you should know",
  "slug": "supply-chain-attack-what-you-should-know",
  "description": "A supply chain attack on the eScan antivirus software distributed malware through its update server. The attack, detected on January 20, involved a malicious Reload.exe file that initiated a multi-stage infection chain. This malware prevented further antivirus updates, ensured persistence through scheduled tasks, and communicated with command-and-control (C2) servers to download additional payloads. Attackers gained unauthorized access to a regional update server and used it to deploy a malicious file with a fake digital signature. eScan developers quickly isolated the affected infrastructure and reset access credentials. Users are advised to check for signs of infection, use a provided removal utility, and block the known malware C2 server addresses. Kaspersky's security solutions successfully detect the malware used in this attack.",
  "published": "2026-01-29T16:20:35+00:00",
  "created_at": "2026-01-29T16:20:35+00:00",
  "modified_at": "2026-02-02T20:18:54+00:00",
  "created_at_opencti": "2026-01-29T16:20:35+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-29",
    "antivirus",
    "consctlx.exe",
    "digital signature",
    "escan",
    "malware",
    "persistence",
    "reload.exe",
    "scheduled tasks",
    "supply-chain",
    "unauthorized access"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://csc.biologii.net/sooc"
      },
      {
        "id": "",
        "name": "https://blackice.sol-domain.org"
      },
      {
        "id": "",
        "name": "https://codegiant.io/dd/dd/dd.git/download/main/middleware.ts"
      },
      {
        "id": "",
        "name": "https://vhs.delrosal.net/i"
      },
      {
        "id": "",
        "name": "674943387cc7e0fd18d0d6278e6e4f7a0f3059ee6ef94e0976fae6954ffd40dd"
      },
      {
        "id": "",
        "name": "36ef2ec9ada035c56644f677dab65946798575e1d8b14f1365f22d7c68269860"
      },
      {
        "id": "",
        "name": "386a16926aff225abc31f73e8e040ac0c53fb093e7daf3fbd6903c157d88958c"
      }
    ],
    "malware": [
      {
        "id": "984ffdbc-9606-4067-bdef-56de8eac2805",
        "name": "Reload.exe",
        "slug": "reloadexe"
      },
      {
        "id": "legacy:malware:a00a9c08354f7339",
        "name": "consctlx.exe",
        "slug": "consctlxexe"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "codegiant.io"
      },
      {
        "id": "",
        "name": "blackice.sol-domain.org"
      },
      {
        "id": "",
        "name": "vhs.delrosal.net"
      },
      {
        "id": "",
        "name": "csc.biologii.net"
      }
    ]
  },
  "external_refs": [
    "https://securelist.com/escan-supply-chain-attack/118688/",
    "https://otx.alienvault.com/pulse/697b96e3866d3c1d9326032c"
  ]
}