Game over, LAN, game over! Windows software nasty Emotet spotted spreading via brute-forced Wi-Fi networks

2020-02-10 23:06

A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect.

"Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords."

These payloads extract themselves and call wlanAPI.dll, a legitimate Windows code library to connect to Wi-Fi networks.

If that works, the malware will connect to a command-and-control server where it gets the go-ahead to begin a second round of brute-force attacks on Windows PCs on the compromised wireless networks.

Thus, you now have a scenario where one user can get infected and, without any notification or interaction, distribute the malware to everyone else on their network or surrounding wireless networks.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/10/emotet_spreads_over_wifi/

#windows #wifi