Jeremy Herold

This Botnet Spreads via Wi-Fi


One of the most destructive malware botnets can now spread to nearby Wi-Fi networks

Emotet malware has proven itself to be a top threat. This malware has a sophisticated code base and regularly evolving methods aimed at tricking targets into clicking on malicious links.

From emptying consumers’ bank accounts to installing other types of malware, the cyber criminals that created this malware have gone out of their way to beef up the damage Emotet leaves in its wake.

Emotet is also a master of spreading its infection. Last September, Emotet sent spam emails to victims that addressed them by name and included quotes from past emails that they sent or received. Once the email recipients clicked on the email, the malware infected their system.

That was all just child’s play, as Emotet has now evolved and can use already compromised devices to infect devices that are connected to nearby Wi-Fi networks.

Emotet does so by using a programming interface called wlanapi to profile each nearby network's SSID, signal strength, and use of WPA or other such encryption methods for password-protecting access.

The malware then uses one of two password lists in order to guess commonly used default username and password combinations.

Once the malware has successfully gained access to a new Wi-Fi network, the infected device builds a list of all non-hidden devices that are connected to that network. Then, using a second password list, the malware tries to guess credentials for each user connected to the drive.

If no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.

When Emotet finds a suitable host, it loads the Emotet malware and any other malware at its disposal, such as Ryuk or TrickBot.
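The credential-guessing step described above leaves a recognizable trace on the defender's side: one source producing a burst of failed logons across several devices and accounts, including the administrator account. The sketch below is an added example, not part of the original post; the simplified log format, the thresholds and the names `find_spreaders`, `WINDOW`, `MIN_FAILURES` and `MIN_HOSTS` are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed logons: time, source IP, target host, account.
SAMPLE = """\
2020-02-10T09:00:01,192.168.1.50,PC-01,alice
2020-02-10T09:00:02,192.168.1.50,PC-01,alice
2020-02-10T09:00:03,192.168.1.50,PC-01,bob
2020-02-10T09:00:05,192.168.1.50,PC-02,carol
2020-02-10T09:00:06,192.168.1.50,PC-02,carol
2020-02-10T09:00:08,192.168.1.50,PC-02,Administrator
2020-02-10T09:00:09,192.168.1.50,PC-01,Administrator
2020-02-10T09:01:00,192.168.1.20,PC-01,dave
2020-02-10T09:01:30,192.168.1.20,PC-01,dave
2020-02-10T01:00:00,192.168.1.30,PC-01,erin
2020-02-10T02:00:00,192.168.1.30,PC-02,erin
2020-02-10T03:00:00,192.168.1.30,PC-01,erin
2020-02-10T04:00:00,192.168.1.30,PC-02,erin
2020-02-10T05:00:00,192.168.1.30,PC-01,erin
2020-02-10T06:00:00,192.168.1.30,PC-02,erin
"""

WINDOW = timedelta(minutes=5)  # assumed burst window
MIN_FAILURES = 6               # assumed: failures inside one window
MIN_HOSTS = 2                  # assumed: distinct devices targeted

def find_spreaders(text):
    """Return {source_ip: details} for sources whose failed logons form a burst."""
    by_src = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, host, acct = line.split(",")
        by_src[src].append((datetime.fromisoformat(ts), host, acct.lower()))
    alerts = {}
    for src, recs in by_src.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            # Slide the window so it never spans more than WINDOW.
            while recs[end][0] - recs[start][0] > WINDOW:
                start += 1
            win = recs[start:end + 1]
            hosts = {r[1] for r in win}
            best = alerts.get(src, {}).get("failures", 0)
            if len(win) >= MIN_FAILURES and len(hosts) >= MIN_HOSTS and len(win) > best:
                alerts[src] = {"failures": len(win), "hosts": sorted(hosts),
                               "admin_targeted": any(r[2] == "administrator" for r in win)}
    return alerts

if __name__ == "__main__":
    print(find_spreaders(SAMPLE))
```

A single user mistyping a password (192.168.1.20) and slow, spread-out failures (192.168.1.30) stay below the thresholds; only the burst across two devices is flagged.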

This alarming spreading method underscores the importance of using strong passwords in order to protect devices and networks.

In fact, a strong password may be the last line of defense to stop this malware’s ability to spread from device to device.

Passwords should be randomly generated, or be phrases in which numbers and symbols replace some of the letters. The length of the password matters and should be no fewer than 11 characters.

Protect yourself.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648
