Emotet botnet can now spread to nearby WiFi networks

Posted on Wednesday, Feb 12 2020 @ 16:00 CET by Thomas De Maesschalck
Emotet, one of the most destructive botnets, has learned a new trick. Ars Technica reports the malware is now able to spread to nearby insecure WiFi networks. The ability to jump from network to network gives Emotet a new threat vector.
Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations.

After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.
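
A defender can look for the credential-guessing stage described above in logon telemetry. The following is an added example, not code from the article or from Ars Technica: it flags a single source that fails network logons against several distinct accounts in a short window and notes whether the built-in administrator account was tried after ordinary users. It assumes the guessing surfaces as Windows Security event 4625 (failed logon, LogonType 3) on the targeted hosts; the sample records, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the article), shaped like fields of
# Windows Security event 4625 (failed logon); LogonType 3 = network logon.
# Tuple layout: (time, event_id, logon_type, source_ip, target_user)
SAMPLE_EVENTS = [
    ("2020-02-10T09:00:01", 4625, 3, "192.0.2.50", "alice"),
    ("2020-02-10T09:00:03", 4625, 3, "192.0.2.50", "alice"),
    ("2020-02-10T09:00:05", 4625, 3, "192.0.2.50", "bob"),
    ("2020-02-10T09:00:09", 4625, 3, "192.0.2.50", "carol"),
    ("2020-02-10T09:00:15", 4625, 3, "192.0.2.50", "Administrator"),
    ("2020-02-10T09:02:00", 4625, 3, "192.0.2.77", "dave"),  # one mistyped password
    ("2020-02-10T09:30:00", 4625, 2, "192.0.2.50", "erin"),  # interactive, ignored
]

def find_password_guessing(events, min_accounts=3, window=timedelta(minutes=5)):
    """Return {source_ip: details} for sources whose failed network logons hit
    at least `min_accounts` distinct accounts inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, event_id, logon_type, src, user in events:
        if event_id == 4625 and logon_type == 3:
            by_source[src].append((datetime.fromisoformat(ts), user.lower()))

    findings = {}
    for src, attempts in by_source.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the left edge until the window spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            in_window = attempts[start:end + 1]
            accounts = {user for _, user in in_window}
            if len(accounts) >= min_accounts:
                users_seen = [user for _, user in in_window]
                findings[src] = {
                    "accounts": sorted(accounts),
                    "attempts": len(in_window),
                    # Ordinary users first, administrator afterwards: the
                    # order the quoted passage describes.
                    "admin_after_users": "administrator" in accounts
                    and users_seen.index("administrator") > 0,
                }
    return findings

if __name__ == "__main__":
    print(find_password_guessing(SAMPLE_EVENTS))
```
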
