Cyber Attack | Data Breach Hacked Uniden Commercial Site Serves Emotet Trojan

Published on April 12th, 2019 📆 | 6983 Views ⚑


Hacked Uniden Commercial Site Serves Emotet Trojan

Uniden's website for commercial security products has been hacked to host a Word document that delivers what appears to be a garden variety of the Emotet trojan, also known as Geodo and Heodo.

Compared to Uniden's main website, which offers a wide range of electronic products (radios, scanners, radar detectors, dash cams, cellular boosters), the solutions available on the commercial branch are limited to cameras (both IP and analog), network video recorders (NVR).

Emotet sitting nice and snug

Discovered by threat tracker JTHL , the malicious Word file is stored in the '/wp-admin/legale/' folder and includes a macro that downloads what seems to be a variant of Emotet, according to URLhaus, a project from that collects, tracks and shares malicious URLs with security professionals and network administrators.

With the help of 265 volunteer security researchers, over a period of about ten months, URLhaus project contributed to taking down 100,000 websites actively engaged in malware distribution.

As per URLhaus analysis, the malicious document can deliver three JavaScript payloads and all of them have signatures for Heodo, another name for Emotet.

All three of them are detected by 26 antivirus engines on VirusTotal scanning service at the moment. The Word document with the malicious macro is now detected as a threat by 20 antivirus engines on the same service.

Macros are disabled by default in popular suites like Microsoft Office and LibreOffice, but the cybercriminals turned to social engineering to determine the victim to activate the script and thus start the malware download routine, and offer clear instructions on how to do it.

Company has been notified

It is unclear when the malware was planted on the website, but it is still present at the moment of writing, despite the company being first alerted of the situation over Twitter more than 24 hours ago.

BleepingComputer has also sent the company an email requesting a statement about the current situation but did not receive a reply at publishing time.

Uniden is a major manufacturer of electronic equipment but popularity and size of an organization is no reason to dissuade cybercriminals from hacking their websites and store their malware.

Recently, threat researcher MalwareHunterTeam tweeted about a similar situation with a subdomain from the Northwestern University for its Computational Photography Lab, where he found several malicious payloads, some of them being Shade ransomware.

In this case, too, it took the admins more than a day since notification time to remove the threats.

Source link

Download Best WordPress Themes Free Download
Premium WordPress Themes Download
Download WordPress Themes
Free Download WordPress Themes
download udemy paid course for free

Tagged with:

Leave a Reply ✍