Emotet, one of the most destructive botnets, has learned a new trick. Ars Technica reports that the malware can now spread to nearby Wi-Fi networks whose passwords it can guess from a built-in list of common and default credentials. The ability to hop from one network to the next gives Emotet a propagation vector that no longer depends on the compromised host's own network or on malicious email.
World’s most destructive botnet returns with stolen passwords and email in tow
Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations.
After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.
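The profiling step quoted above (SSID, signal strength, and whether the network is open or password-protected) is exactly the information a defender needs to find which of their own networks are in scope for this kind of dictionary attack. The script below is an added example, not code from the article, from Ars Technica, or from Emotet itself: rather than calling wlanAPI directly, it parses the text that `netsh wlan show networks mode=bssid` prints on Windows, which exposes the same fields, and then ranks the networks a password list could plausibly get into (open, WEP, or WPA/WPA2-Personal with a guessable pre-shared key) by signal strength, the same way a spreader that prefers the strongest signal would. The netsh output format and the four sample networks are constructed for the example.

```python
"""Audit nearby Wi-Fi networks for the properties Emotet's spreader profiles.

Added example (not the article's or the malware's code). Instead of calling
wlanAPI, it parses the output of ``netsh wlan show networks mode=bssid`` on
Windows, which reports the same SSID / authentication / encryption / signal
fields. SAMPLE_NETSH_OUTPUT is constructed; the field layout is assumed to
match what netsh prints on current Windows 10/11 builds.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Constructed sample in the netsh layout: one block per SSID, one sub-block per BSSID.
SAMPLE_NETSH_OUTPUT = """\
Interface name : Wi-Fi
There are 4 networks currently visible.

SSID 1 : HomeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:dd:ee:01
         Signal             : 84%
         Radio type         : 802.11n
         Channel            : 6

SSID 2 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : aa:bb:cc:dd:ee:02
         Signal             : 61%
         Radio type         : 802.11n
         Channel            : 11

SSID 3 : CorpWLAN
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:dd:ee:03
         Signal             : 40%
         Radio type         : 802.11ac
         Channel            : 36
    BSSID 2                 : aa:bb:cc:dd:ee:04
         Signal             : 72%
         Radio type         : 802.11ac
         Channel            : 44

SSID 4 : OldRouter
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : aa:bb:cc:dd:ee:05
         Signal             : 25%
         Radio type         : 802.11g
         Channel            : 1
"""


@dataclass
class Network:
    ssid: str
    authentication: str = ""
    encryption: str = ""
    signal: int = 0  # strongest BSSID seen, in percent as netsh reports it


def parse_netsh_networks(text: str) -> list[Network]:
    """Turn netsh's indented text into Network records (one per SSID)."""
    networks: list[Network] = []
    current: Network | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"SSID \d+\s*:\s*(.*)$", line)  # anchored, so "BSSID n :" does not match
        if m:
            current = Network(ssid=m.group(1).strip())  # empty ssid == hidden network
            networks.append(current)
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")  # first colon only; BSSID values contain colons
        key, value = key.strip(), value.strip()
        if key == "Authentication":
            current.authentication = value
        elif key == "Encryption":
            current.encryption = value
        elif key == "Signal":
            current.signal = max(current.signal, int(value.rstrip("%") or 0))
    return networks


def exposure(net: Network) -> str:
    """Classify how a password-list attack could get onto this network."""
    auth, enc = net.authentication.lower(), net.encryption.lower()
    if auth == "open" and enc in ("none", ""):
        return "open"        # joinable with no credential at all
    if enc == "wep":
        return "wep"         # key recoverable offline; treat as open
    if "enterprise" in auth:
        return "enterprise"  # 802.1X: a shared-password list alone does not get in
    if auth.startswith("wpa"):
        return "psk"         # WPA/WPA2/WPA3-Personal: a default or common PSK can be guessed online
    return "unknown"


def targetable_networks(networks: list[Network]) -> list[Network]:
    """Networks a dictionary spreader could join, strongest signal first."""
    hits = [n for n in networks if exposure(n) in ("open", "wep", "psk")]
    return sorted(hits, key=lambda n: n.signal, reverse=True)


def scan_with_netsh() -> list[Network]:
    """Live scan on Windows (assumes netsh is on PATH); not used by the sample run."""
    out = subprocess.run(["netsh", "wlan", "show", "networks", "mode=bssid"],
                         capture_output=True, text=True, check=True).stdout
    return parse_netsh_networks(out)


if __name__ == "__main__":
    for n in targetable_networks(parse_netsh_networks(SAMPLE_NETSH_OUTPUT)):
        print(f"{n.signal:3d}%  {exposure(n):10s}  {n.ssid or '<hidden>'}  ({n.authentication}/{n.encryption})")
```

Run on a Windows laptop via `scan_with_netsh()`, the same ranking shows which of your own SSIDs would be at the top of a spreader's list; the fix for anything in the `open`, `wep`, or `psk` buckets is a non-default, long passphrase or a move to 802.1X, since the malware's guessing is only as good as its word list.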