Uniden commercial site compromised to distribute Emotet trojan
The official website of Uniden has been compromised to host an MS Word document that delivers a variant of the Emotet trojan known as Geodo and Heodo.
The malicious Word document is capable of delivering three JavaScript payloads, and all three payloads have signatures for Geodo.
Uniden's official website was compromised to host an MS Word document which delivers a variant of the Emotet trojan called Geodo and Heodo. This was brought to light by the URLhaus project, which shares malicious URLs that are being used for malware distribution.
URLhaus stated that the malicious Word document is stored in the ‘/wp-admin/legale/’ folder and includes a macro that downloads the Emotet variant ‘Geodo’. The document could possibly deliver three JavaScript payloads, and all three payloads have signatures for Geodo.
All three payloads are currently detected by 26 antivirus engines on VirusTotal. 20 antivirus engines on VirusTotal flag the Word document with the malicious macro as a threat.
Although Uniden was alerted to the compromise through a Twitter post, the website is still compromised.