- The official website of Uniden has been compromised to host an MS Word document that delivers a variant of the Emotet trojan known as Geodo and Heodo.
- The malicious Word document is capable of delivering three JavaScript payloads and all three payloads have signatures for Geodo.
“i feel like it would have been bigger news that Uniden, a kinda major company, maker of electronic products like radio transceivers and stuff... their website has been serving malware all day long. commercial.uniden[.]com/wp-admin/legale/Nachprufung/042019/,” JTHL tweeted.
The big picture
- According to URLhaus, the malicious Word document is stored in the ‘/wp-admin/legale/’ folder and includes a macro that downloads the Emotet variant ‘Geodo’.
- The malicious Word document is capable of delivering three JavaScript payloads and all three payloads have signatures for Geodo.
- All three payloads are currently detected by 26 antivirus engines on VirusTotal.
- The Word document with the malicious macro is now detected as a threat by 20 antivirus engines on VirusTotal.
Uniden was notified about the compromise via a Twitter post; however, the website remains compromised.
“@Uniden_America your website is compromised. commercial.uniden[.]com/wp-admin/legale/Nachprufung/042019/ #malware,” the tweet read.
Source: Cyware