Supply chain attack on eScan antivirus: detecting and remediating malicious updates

UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by the Indian company MicroWorld Technologies. The previously unknown malware was distributed through the...

CVE-2018-6202

In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8...

CVE-2018-6203

In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C...

CVE-2018-6201

In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4...

CVE-2025-1369

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexit...

CVE-2025-1367

A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux. It has been classified as critical. This affects the function sprintf of the component USB Password Handler. The manipulation leads to buffer overflow. An attack has to be approached locally. The vendor was contacted early...

EUVD-2018-17963

Malware in sbrugna...

EUVD-2018-17964

Malware in sbrugna...

EUVD-2018-17962

Malware in sbrugna...

EUVD-2023-34323

Malicious code in bioql PyPI...

EUVD-2024-25616

Malicious code in bioql PyPI...

EUVD-2025-2124

Malicious code in bioql PyPI...

EUVD-2025-2125

Malicious code in bioql PyPI...

EUVD-2025-1872

Malicious code in bioql PyPI...

EUVD-2025-2128

Malicious code in bioql PyPI...

CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

Linux Distros Unpatched Vulnerability : CVE-2025-1369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the...

CVE-2025-0797

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be...

CVE-2024-28519

A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users...

CVE-2023-2875

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on...