- The official website of Uniden has been compromised to host an MS Word document that delivers a variant of the Emotet trojan known as Geodo and Heodo.
- The malicious Word document is capable of delivering three JavaScript payloads and all three payloads have signatures for Geodo.
What is the issue - abuse.ch’s URLhaus project uncovered that the official website of Uniden has been compromised to host a MS Word document that delivers a variant of the Emotet trojan known as Geodo and Heodo.
“i feel like it would have been bigger news that Uniden, a kinda major company, maker of electronic products like radio transceivers and stuff... their website has been serving malware all day long. commercial.uniden[.]com/wp-admin/legale/Nachprufung/042019/,” JTHL tweeted.
The big picture
- According to URLhaus, the malicious Word document is stored in the ‘/wp-admin/legale/’ folder and includes a macro that downloads the Emotet variant ‘Geodo’.
- The malicious Word document is capable of delivering three JavaScript payloads and all three payloads have signatures for Geodo.
Worth noting
- All three of payloads are currently detected by 26 antivirus engines on VirusTotal.
- The Word document with the malicious macro is now detected as a threat by 20 antivirus engines on VirusTotal.
What’s the situation now?
Uniden was notified about the compromise via a Twitter post, however, the website still remains compromised.
“@Uniden_America your website is compromised. commercial.uniden[.]com/wp-admin/legale/Nachprufung/042019/ #malware,” the tweet read.
Publisher
/https://cystory-images.s3.amazonaws.com/shutterstock_407112565.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_402658597.jpg)
