
Emotet can spread to poorly secured Wi-Fi networks and computers on them
2020-02-06 10:32

Until now, Emotet was known to be able to deliver itself to other computers on the same network thanks to its propagation component, which spreads the malware via mounted shares or the use of exploits.

According to Binary Defense researchers, it now has another, even more dangerous propagation trick that allows it to "hop" onto other Wi-Fi networks and try to compromise computers on them.

After the malware infects a computer that has Wi-Fi capability, it uses the wlanAPI interface to discover any Wi-Fi networks in the area: a neighbor's Wi-Fi network, a free Wi-Fi network at a café, or a Wi-Fi network of a nearby business.

"Even if those networks are protected with a password required to join, the malware tries a list of possible passwords and if one of the guessed passwords works to connect to the Wi-Fi network, it will join the infected computer to that network," Pargman explained.

"Once it is on the network, the malware scans all other computers connected to the same network for any Windows computers that have file sharing enabled. It then retrieves the list of all user accounts on those computers and attempts to guess the passwords to those accounts as well as the Administrator account. If any of the guessed passwords are correct, the malware copies itself to that computer and installs itself by running a remote command on the other computer."
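The account-guessing step described above shows up on a target machine, when logon auditing is enabled, as failed network logons (Windows Security event 4625, logon type 3) from one source against several accounts, sometimes followed by a success (4624). The following detection sketch is an added example, not code from the article or from Binary Defense; the dict field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS, NETWORK_LOGON = 4625, 4624, 3  # Windows Security event IDs, logon type

def find_password_guessing(events, min_accounts=3, window=timedelta(minutes=5)):
    """Flag sources whose failed network logons hit >= min_accounts accounts within window."""
    by_source = defaultdict(list)
    for e in events:
        if e["logon_type"] == NETWORK_LOGON and e["event_id"] in (FAILED, SUCCESS):
            by_source[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_source.items():
        evs.sort(key=lambda e: e["time"])
        failures = [e for e in evs if e["event_id"] == FAILED]
        start, flagged = 0, False
        for end, failure in enumerate(failures):
            # Slide the window start forward until it spans at most `window`.
            while failure["time"] - failures[start]["time"] > window:
                start += 1
            if len({f["user"].lower() for f in failures[start:end + 1]}) >= min_accounts:
                flagged = True
                break
        if not flagged:
            continue
        first_fail = {}
        for f in failures:
            first_fail.setdefault(f["user"].lower(), f["time"])
        # A success after earlier failures for the same account suggests a guessed password.
        guessed = {e["user"].lower() for e in evs if e["event_id"] == SUCCESS
                   and first_fail.get(e["user"].lower(), e["time"]) < e["time"]}
        findings[ip] = {"targeted": sorted(first_fail), "guessed": sorted(guessed)}
    return findings

T0 = datetime(2020, 2, 6, 10, 0, 0)

def _ev(sec, event_id, user, ip, logon_type=NETWORK_LOGON):
    return {"time": T0 + timedelta(seconds=sec), "event_id": event_id,
            "user": user, "ip": ip, "logon_type": logon_type}

# Constructed sample events (documentation-range IPs), not real log data.
SAMPLE_EVENTS = [
    _ev(0, FAILED, "alice", "192.0.2.50"), _ev(2, FAILED, "bob", "192.0.2.50"),
    _ev(4, FAILED, "Administrator", "192.0.2.50"), _ev(6, FAILED, "Administrator", "192.0.2.50"),
    _ev(9, SUCCESS, "Administrator", "192.0.2.50"),
    _ev(30, FAILED, "carol", "192.0.2.77"), _ev(40, SUCCESS, "carol", "192.0.2.77"),  # one typo
    _ev(50, FAILED, "dave", "192.0.2.50", logon_type=2),  # interactive logon, ignored
]
```

Calling `find_password_guessing(SAMPLE_EVENTS)` flags only `192.0.2.50` and reports `administrator` as a likely guessed account; the single mistyped password from `192.0.2.77` is not flagged.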


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Brx1NAIEZOw/