Saved February 14, 2026
eScan confirmed a breach of its update server that allowed malicious updates to be distributed to some customers on January 20, 2026. The incident involved unauthorized access leading to the deployment of malware, which has since been contained and remediated. eScan disputes claims made by Morphisec about the discovery of the breach.
MicroWorld Technologies, the company behind eScan antivirus, announced that one of its update servers was compromised on January 20, 2026. During a two-hour window, a malicious update was distributed to a limited number of customers who accessed this specific regional server. eScan took immediate action by isolating the affected systems and rotating authentication credentials. They also reached out to impacted customers and issued a security advisory the following day.
The breach allowed unauthorized access that enabled the delivery of a corrupted update, specifically a modified version of eScan’s update component called “Reload.exe.” This malicious file, despite being signed with what looked like eScan's certificate, was flagged as invalid by Windows and VirusTotal. The malware could alter system settings, prevent further updates, and establish connections with command and control servers to download additional payloads. Morphisec, a security firm, reported the incident and claimed to have detected the malicious activity on the same day as the breach, though eScan disputes that Morphisec was the first to report it.
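The signature detail above is something a defender can check directly on a host. The following PowerShell script is an added example, not tooling from eScan or Morphisec; the install directory passed as `-Path` and the `-VendorPattern` used to recognise the vendor in a certificate subject are assumptions, since the page gives neither.

```powershell
# Added example: triage the Authenticode signature of an update component.
# Assumptions (not from the article): -Path is the product's install directory
# on your hosts; -VendorPattern guesses how the vendor appears in the signer subject.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $FileName      = 'Reload.exe',
    [string] $VendorPattern = 'MicroWorld|eScan'
)

function Get-SignatureFinding {
    param([string] $File, [string] $VendorPattern)

    $sig     = Get-AuthenticodeSignature -LiteralPath $File
    $cert    = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '' }
    $claimsVendor = [bool]($subject -match $VendorPattern)

    # A certificate that names the vendor proves nothing unless the signature
    # itself verifies; that mismatch is the case the article describes.
    if     ($sig.Status -eq 'Valid' -and $claimsVendor) { $verdict = 'OK' }
    elseif ($sig.Status -eq 'Valid')     { $verdict = 'REVIEW: valid, unexpected signer' }
    elseif ($sig.Status -eq 'NotSigned') { $verdict = 'SUSPECT: unsigned' }
    elseif ($claimsVendor)               { $verdict = 'SUSPECT: vendor-looking cert, signature not valid' }
    else                                 { $verdict = 'SUSPECT: signature not valid' }

    [pscustomobject]@{
        Verdict    = $verdict
        Status     = $sig.Status
        Detail     = $sig.StatusMessage
        Signer     = $subject
        Thumbprint = if ($cert) { $cert.Thumbprint } else { '' }
        SHA256     = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
        LastWrite  = (Get-Item -LiteralPath $File).LastWriteTimeUtc
        File       = $File
    }
}

# Check every copy of the component under the given directory.
Get-ChildItem -LiteralPath $Path -Recurse -File -Filter $FileName -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignatureFinding -File $_.FullName -VendorPattern $VendorPattern } |
    Sort-Object Verdict -Descending |
    Format-List
```

Any `SUSPECT` row is a reason to compare the file's hash and timestamp against the vendor's advisory before trusting the component again.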
Affected users may have experienced various issues, such as update failures and modified system files. eScan has since developed a remediation tool to restore functionality and correct the unauthorized changes. Both eScan and Morphisec advise customers to block the identified command and control servers to enhance security. This incident highlights vulnerabilities in update mechanisms, reminiscent of previous attacks, such as those by North Korean hackers leveraging eScan’s infrastructure for backdoor access.