eScan

#eScan • 2024-04

🇮🇳 India

Avast reported that GuptiMiner hijacked the eScan antivirus update mechanism to distribute backdoors and coinminers, turning trusted security software updates into a supply-chain delivery path. The campaign included a multi-modular backdoor capable of receiving attacker commands, installing additional modules, and scanning local systems for stored private keys and cryptocurrency wallets, with possible Kimsuky ties based on similarities to Kimsuky keylogger components.
