When Security Software Becomes the Threat: Dream Flags eScan Compromise
In January 2026, Dream uncovered a targeted supply-chain attack in Southeast Asia, where malicious updates were delivered through MicroWorld Technologies’ eScan antivirus infrastructure. Dubbed Verglas internally, the campaign replaced a trusted component with a trojanized version, enabling remote access and blocking future updates to prevent cleanup. Building on earlier reports from MORPHISEC and others, Dream’s platform identified additional indicators and autonomously reconstructed the full infection chain. Organizations using the affected update mechanism should assume compromise and act immediately.