Emotet Trojan now exploits WiFi networks to infect nearby devices

The new capability of the Emotet trojan highlights the fact that one should always secure their device with a strong password.


Initially identified in 2014, Emotet is a banking trojan that has been used in various malicious campaigns to obtain financial data. One example is from 2017, when it infected McAfee’s ClickProtect service to trick users into downloading a legitimate-looking Word document that actually contained the malware.


Now it is back, with a new way to spread its infection. Featuring a new WiFi module, the trojan now focuses on compromising machines on the same WiFi network. Simply put: the Emotet trojan can now spread through nearby wireless networks if the networks use insecure passwords.

To carry out the operation, it first uses wlanAPI.dll calls to find the wireless networks surrounding it, excluding the computer system it has already infected.




Commenting on the reason wlanAPI.dll calls are used, researchers at Binary Defense state that,



“It is one of the libraries used by Native WiFi to manage wireless network profiles and wireless network connections,” which makes it a natural choice.


Once it finds such a network, it connects to it automatically, using brute-force techniques if the network is password protected. Therefore, it searches for Windows-based devices and tries to find its way ..
