Tag: antivirus
-
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. “Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise… First seen on thehackernews.com Jump to…
-
eScan AV users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan AV supply chain compromise: Users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Goodbye virus protection: Malware distributed via the update server of an antivirus tool
Attackers have smuggled malware onto user systems via the antivirus tool eScan. One of the vendor's update servers was compromised. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
So much for virus protection: Malware distributed via the update server of an antivirus tool
Attackers have smuggled malware onto user systems via the antivirus tool eScan. One of the vendor's update servers was compromised. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows
Introduction
In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/
-
NDSS 2025 ERW-Radar
Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, software
Authors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
-
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version 2.0.2 contains a critical vulnerability allowing arbitrary process termination via IOCTL command 0x22E044. This enables…
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert access on compromised systems. PDFSIDER’s infection chain originates through spear-phishing campaigns delivering ZIP archives containing…
-
Why Do We Need Antivirus Software for Android? Top 4 Best Anti-Virus Apps and Their Impacts
Best antivirus software provides high-level data protection for your Android device, since it is the most targeted platform around the world. People often rely on Android more than on themselves these days. The quotidian usage of technology has made them more and more dependent. From communication to connectivity to entertainment, all aspects are covered by such…
-
EDRStartupHinder: Blocks Antivirus EDR at Windows 11 25H2 Startup (Defender Included)
A cybersecurity researcher has unveiled EDRStartupHinder, a proof-of-concept tool that prevents antivirus and endpoint detection and response (EDR) solutions from launching during Windows startup, including Microsoft Defender on Windows 11 25H2. The technique exploits Windows Bindlink API functionality through the bindflt.sys driver to interfere with security software initialization. The tool builds on previous research into Bindlink…
-
How to Set Up Azure Trusted Signing to Sign an EXE?
Introduction: Code signing is no longer an optional process. Windows, antivirus engines, and enterprise security tools all expect executables to be digitally signed. Previously, developers purchased an EV Code Signing Certificate, stored it on a USB token or HSM, and had to maintain it for years. Azure Trusted Signing reimagines the process with cloud-based… Read…
-
Hackers Promote “VOID” AV Killer Claiming Kernel-Level Defense Evasion
A threat actor operating under the handle Crypt4You has begun advertising a sophisticated new offensive tool on underground cybercrime forums, marketed as a “kernel-level”… crypters…
-
Israeli Organizations Targeted by AV-Themed Malicious Word and PDF Files
SEQRITE Labs’ Advanced Persistent Threat (APT) Team has uncovered a sophisticated campaign targeting Israeli organizations through weaponized Microsoft Word and PDF documents disguised as legitimate antivirus software. The operation, tracked as UNG0801 or “Operation IconCat,”…
-
NtKiller Malware Advertised on Dark Web With Claims of Antivirus and EDR Bypass
A new and sophisticated defensive evasion tool dubbed “NtKiller”… AlphaGhoul.
-
Interpol sweep takes down cybercrooks in 19 countries
Tags: access, antivirus, attack, botnet, business, china, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, encryption, finance, fraud, group, incident response, infrastructure, intelligence, international, interpol, law, malicious, malware, microsoft, ransomware, russia, scam, service, theft, threat
A ‘very good thing’: The fact that the same operation broke ransomware operations and a business email compromise (BEC) operation is “unique,” said DiMaggio, because most people think of Africa as the source of BEC and fraud scams. The fact that authorities are working to disrupt ransomware operations in Africa before they grow to the size…
-
React2Shell is the Log4j moment for front end development
What to look for: In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to…
-
Makop Ransomware Targets RDP Systems Using AV Killer and Additional Exploits
Makop, a ransomware strain derived from Phobos, continues to pose a significant threat by exploiting exposed Remote Desktop Protocol (RDP) systems and integrating new attack components, including antivirus-killer modules and advanced privilege-escalation exploits. Recent investigations by Acronis TRU researchers reveal that Makop operators have evolved their methodology to include multiple evasion techniques and secondary payload…