Hackers have been using an antivirus service to infect users with malware for five years. This happened because the antivirus service delivered updates over HTTP, making it vulnerable to attacks. The attackers were able to perform a man-in-the-middle attack, intercepting the updates and replacing them with corrupted files that installed backdoors. The malicious software, known as GuptiMiner, also installed a cryptocurrency miner. There are suspicions that the attackers may have ties to the North Korean government. The antivirus service, eScan, has since fixed the security vulnerability.
Key Takeaways
- eScan AV updates were delivered over plain HTTP for five years, leaving the update channel open to tampering by anyone on the network path.
- Hackers, potentially from North Korea, used a man-in-the-middle attack to replace genuine updates with a backdoor.
- The attack involved a complex infection chain, utilizing various obfuscation techniques and stealth measures.
- The malware GuptiMiner, circulating since 2018, could be linked to a group backed by the North Korean government.
- The incident exposed major security flaws in eScan, which failed to deliver updates over HTTPS and enforce digital signing.
Analysis
The compromise of the antivirus service eScan, due to its delivery of updates over HTTP, has led to a prolonged vulnerability exploited by hackers, potentially tied to the North Korean government. This breach not only impacted eScan but also compromised the security of its users, with the installation of malicious software and cryptocurrency miners. Short-term consequences include compromised systems and potential data theft, while long-term effects may involve reputational damage for eScan and increased scrutiny of software security practices. Additionally, this incident underscores the need for more stringent security measures in the delivery of software updates and the increasing sophistication of cyber threats originating from state-sponsored actors.
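The two controls named above, transport security and digital signing, are not interchangeable: HTTPS protects the download in transit, but a signature check against a key pinned in the client is what stops a swapped file from being installed at all. The following is an added example, not eScan's code or anything from the GuptiMiner analysis, of a client-side update gate written in Go. The Ed25519 key pair, the manifest layout (version plus SHA-256 of the payload), the error values and the sample payload are all constructed for this illustration; a rollback check is included as a common companion to the signature check, although the page itself does not discuss rollback.

```go
package main

// Added example: a client-side update gate that refuses to install any update
// whose manifest is not signed by the pinned publisher key, whose payload hash
// does not match the signed manifest, or whose version would roll the client
// back. Keys, manifest format and sample payload are constructed here.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("update rejected: manifest signature does not verify against pinned key")
	ErrHashMismatch = errors.New("update rejected: payload hash differs from signed manifest")
	ErrRollback     = errors.New("update rejected: version is not newer than the installed one")
)

// Manifest is the metadata the publisher signs. Signing a hash of the payload
// rather than the payload itself keeps the signed message small and lets the
// client verify the bulk download separately.
type Manifest struct {
	Version    uint32
	PayloadSHA [32]byte
}

// encode produces the exact byte string that is signed and later verified.
func (m Manifest) encode() []byte {
	buf := make([]byte, 4+len(m.PayloadSHA))
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.PayloadSHA[:])
	return buf
}

// GenerateKeys stands in for the publisher's offline key generation.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignUpdate runs on the publisher's build system: it binds a version number
// and the payload hash together under the publisher's private key.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) (Manifest, []byte) {
	m := Manifest{Version: version, PayloadSHA: sha256.Sum256(payload)}
	return m, ed25519.Sign(priv, m.encode())
}

// VerifyUpdate is the client-side gate. Because the check is against a key
// pinned in the client, an on-path attacker who swaps the download cannot
// produce a manifest that passes, whatever the transport was. The signature
// is checked first, before any other field of the manifest is trusted.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, payload []byte, installed uint32) error {
	if !ed25519.Verify(pinned, m.encode(), sig) {
		return ErrBadSignature
	}
	if sha256.Sum256(payload) != m.PayloadSHA {
		return ErrHashMismatch
	}
	if m.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv := GenerateKeys()
	genuine := []byte("constructed sample update payload v2")
	m, sig := SignUpdate(priv, 2, genuine)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, sig, genuine, 1))

	// On-path tampering: the signed manifest is intact but the payload was swapped.
	fmt.Println("swapped payload:", VerifyUpdate(pub, m, sig, []byte("swapped payload"), 1))

	// The download is re-signed under a key the client has not pinned.
	_, otherPriv := GenerateKeys()
	om, osig := SignUpdate(otherPriv, 3, []byte("swapped payload"))
	fmt.Println("unpinned signer:", VerifyUpdate(pub, om, osig, []byte("swapped payload"), 1))
}
```

The gate is what makes the transport question secondary: with it in place, an intercepted HTTP download that has been replaced fails at VerifyUpdate and is never written to disk as an installed component; without it, HTTPS alone still leaves the client trusting whatever the update server (or anyone holding a valid certificate for it) hands over.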
Did You Know?
- Man-in-the-middle Attack: A man-in-the-middle attack is a cyber attack where the attacker secretly intercepts and possibly alters communications between two parties who believe they are communicating directly with each other. In this case, hackers used this technique to replace genuine antivirus updates with corrupted files, allowing them to install backdoors and malware on users' systems.
- Backdoor: A backdoor is a method of bypassing normal authentication or encryption for obtaining unauthorized access to a computer system. In this incident, the attackers inserted backdoors into the corrupted antivirus updates, allowing them continued access to the infected systems.
- Cryptocurrency Miner: A cryptocurrency miner is a program that utilizes a computer's processing power to mine for cryptocurrencies such as Bitcoin or Monero, often without the user's consent. The malware GuptiMiner installed a cryptocurrency miner on infected systems, potentially allowing the attackers to profit from the illicit mining activities.